Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win7 - TR\Patched.ren.gen (https://www.trojaner-board.de/166916-win7-tr-patched-ren-gen.html)

SteSbo 14.05.2015 14:48
Win7 - TR\Patched.ren.gen
 
Hallo,

bekomme von Avira Free Antivirus in letzter Zeit (seit einigen Wochen) immer wieder Sicherheitshinweise mit dem Inhalt, dass der Zugriff von TR\Patched.ren.gen auf diverse temporäre Windows-Dateien geblockt wurde. Nach dem Drücken des „Entfernen“-Buttons und einem dadurch ausgelösten Avira-Kurz-Scan ist dann kurz Ruhe und dann fängt das Spiel von vorne an. Verwende neben Avira Free Antivirus auch noch regelmäßig folgende Tools und Programme, um mein System schlank und sauber zu halten:
CCleaner, Windows-Datenträgerbereinigung, Windows-Defender, Spybot Search and Destroy, Microsoft Windows-Tool zum Entfernen bösartiger Software, Adaware, Adwcleaner, Malwarebytes Anti-Malware und Junkware Removal Tool. Alle diese Programme werden regelmäßig geupdatet. Und auch die Windows-updates erfolgen regelmäßig bzw. sind up to date.

Meine Frage(n):
- Warum oder wie habe ich mir TR\Patched.ren.gen eingefangen?
- Reicht mein Schutz nicht aus?
- Was macht TR\Patched.ren.gen?
- Wie werde ich TR\Patched.ren.gen wieder los.?

Wäre sehr nett, wenn ich hier Hilfe fände. Bin mit diesem Mist überfordert! :confused::headbang::killpc:

Hier die Logfiles:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:54 on 14/05/2015 (Laptop 1)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Laptop 1 (administrator) on LAPTOP-1 on 14-05-2015 14:55:28
Running from C:\Users\Laptop 1\Desktop\Neuer Ordner
Loaded Profiles: Laptop 1 (Available profiles: Laptop 1)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\BirdieSync\BirdieSync.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.29\adb.exe
() C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.29\adb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8447192 2015-04-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-04-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-20] (COMODO)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2015-02-09] (Dell Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2015-02-09] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-11] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-04-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-28] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\Run: [BirdieSync] => C:\Program Files (x86)\BirdieSync\BirdieSync.exe [1118208 2012-11-20] ()
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-04-21] (TrueCrypt Foundation)
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-02-09] (Piriform Ltd)
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\MountPoints2: {82177871-cbe3-11e1-a9a0-0050b64a6974} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\MountPoints2: {cb837c35-c830-11e0-ae12-9cef8a9125bb} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\MountPoints2: {ef3ed2f7-c96e-11e0-932e-f04da269a72f} - E:\autorun.exe setup.exe -suppressUpToDateInfo
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\MountPoints2: {ef3ed31c-c96e-11e0-932e-f04da269a72f} - F:\autorun.exe setup.exe -suppressUpToDateInfo
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2011-08-18]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Offene Vorgänge - Verknüpfung.lnk [2011-11-14]
ShortcutTarget: Offene Vorgänge - Verknüpfung.lnk -> C:\Users\Laptop 1\Desktop\Offene Vorgänge ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=c5a16a47d75ddc1b5a1ee7e8397375d80779922a&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Laptop 1\AppData\Roaming\Mozilla\Firefox\Profiles\287muvzo.default-1362154688318
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Sunbird\Extensions: [{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}] - C:\Program Files (x86)\BirdieSync\Sunbird Service
FF Extension: BirdieSync - C:\Program Files (x86)\BirdieSync\Sunbird Service [2012-01-04]
FF HKLM-x32\...\Thunderbird\Extensions: [{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}] - C:\Program Files (x86)\BirdieSync\Thunderbird Service
FF Extension: BirdieSync - C:\Program Files (x86)\BirdieSync\Thunderbird Service [2012-01-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2012-07-19] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-04-09] (Avira Operations GmbH & Co. KG)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-20] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-20] (COMODO)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-05-13] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-29] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-11] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-05-13] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2015-02-09] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-29] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-04-09] (Realtek Semiconductor)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2015-02-09] (Samsung Electronics Co., Ltd.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [73200 2014-10-06] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2015-02-09] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1800448 2015-02-09] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-07] (Avira Operations GmbH & Co. KG)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797280 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-04-01] (COMODO)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [112896 2012-07-14] (Huawei Technologies Co., Ltd.)
S3 ewsercd; C:\Windows\SysWOW64\DRIVERS\ewsercd.sys [112896 2012-07-19] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-18] (GFI Software)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [116864 2012-07-19] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-09] (REALiX(tm))
S3 hwusbfake; C:\Windows\SysWOW64\DRIVERS\ewusbfake.sys [116224 2012-07-19] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2015-02-09] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n620f.sys [82432 2014-08-19] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-05-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-05-13] (Malwarebytes Corporation)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation) [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2015-03-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-09] (NVIDIA Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2015-02-09] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2015-02-09] (Samsung Electronics Co., Ltd.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-02-09] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-03-11] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [X]
S3 dlcdbus; system32\DRIVERS\dlcdbus.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 14:50 - 2015-05-14 14:55 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Neuer Ordner
2015-05-14 14:50 - 2015-05-14 14:55 - 00000000 ____D () C:\FRST
2015-05-14 14:37 - 2015-05-14 14:38 - 00000175 _____ () C:\Users\Laptop 1\Desktop\Trojaner-board.de.url
2015-05-14 14:11 - 2015-05-14 14:11 - 00000000 _____ () C:\Users\Laptop 1\defogger_reenable
2015-05-14 11:13 - 2015-05-14 11:13 - 00002333 _____ () C:\Users\Laptop 1\Desktop\JRT.txt
2015-05-14 10:12 - 2015-05-14 10:12 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sonstiges
2015-05-14 10:11 - 2015-05-14 10:11 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wartung (eigene)
2015-05-14 10:06 - 2015-05-14 14:47 - 00000840 _____ () C:\Windows\setupact.log
2015-05-14 10:06 - 2015-05-14 10:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 10:01 - 2015-05-14 10:01 - 02209792 _____ () C:\Users\Laptop 1\Downloads\adwcleaner_4.204.exe
2015-05-13 20:21 - 2015-02-09 21:41 - 00450892 _____ () C:\Windows\system32\Drivers\etc\hosts.20150513-202110.backup
2015-05-13 20:20 - 2015-05-13 20:20 - 00028978 _____ () C:\Users\Laptop 1\Documents\cc_20150513_202033.reg
2015-05-13 19:43 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:43 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 19:26 - 2015-05-13 19:26 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 19:26 - 2015-05-13 19:26 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 19:26 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 19:26 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 19:26 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 19:26 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 19:25 - 2015-05-13 19:25 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 19:25 - 2015-05-13 19:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 19:25 - 2015-05-13 19:25 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 19:24 - 2015-05-13 19:24 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-10 10:49 - 2015-05-10 10:49 - 00002222 _____ () C:\Users\Public\Desktop\tax 2015.lnk
2015-05-10 10:46 - 2015-05-10 10:46 - 00000000 ____D () C:\Program Files (x86)\Buhl finance
2015-05-10 10:25 - 2015-05-10 10:39 - 00000000 ____D () C:\Users\Laptop 1\Desktop\tax 2015 (Download)
2015-05-10 10:24 - 2015-05-10 10:24 - 01038704 _____ (Amazon Services LLC) C:\Users\Laptop 1\Downloads\tax_2015_Downloader.exe
2015-04-27 19:52 - 2015-04-27 19:52 - 00011522 _____ () C:\Users\Laptop 1\Desktop\Freistellungsaufträge Lukas.xlsx
2015-04-25 12:38 - 2015-04-25 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-25 12:20 - 2015-04-25 12:20 - 00001798 _____ () C:\Users\Laptop 1\Documents\cc_20150425_122032.reg
2015-04-25 12:19 - 2015-04-25 12:19 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-25 12:19 - 2015-04-25 12:19 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-25 12:19 - 2015-04-25 12:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-25 12:19 - 2015-04-25 12:19 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-04-25 12:18 - 2015-04-25 12:18 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-25 12:18 - 2015-04-25 12:18 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:35 - 2015-04-15 08:35 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:35 - 2015-04-15 08:35 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 08:35 - 2015-04-15 08:35 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 08:34 - 2015-04-15 08:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 08:33 - 2015-04-15 08:33 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:33 - 2015-04-15 08:33 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:33 - 2015-04-15 08:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 03:38 - 2015-04-14 03:38 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 14:52 - 2014-12-12 18:35 - 01007606 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-05-14 14:48 - 2015-03-11 20:24 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-14 14:47 - 2011-08-19 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-14 14:47 - 2011-08-18 17:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 14:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 14:46 - 2014-01-17 20:58 - 01378467 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 14:33 - 2011-08-18 17:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 14:28 - 2012-04-21 12:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 14:16 - 2011-11-14 20:08 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Offene Vorgänge
2015-05-14 14:11 - 2011-08-16 19:51 - 00000000 ____D () C:\Users\Laptop 1
2015-05-14 11:31 - 2009-07-14 06:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 11:31 - 2009-07-14 06:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 11:02 - 2015-04-08 20:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 10:54 - 2011-08-21 15:18 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Wartung und Instandhaltung
2015-05-14 10:44 - 2015-04-08 20:39 - 00000000 ____D () C:\AdwCleaner
2015-05-14 10:11 - 2013-03-19 19:42 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 10:11 - 2011-08-24 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wartung (eigene)
2015-05-14 10:11 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 10:08 - 2011-08-18 17:51 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Thunderbird
2015-05-13 20:18 - 2014-10-25 17:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-13 19:58 - 2009-07-14 06:45 - 00363344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 19:54 - 2011-08-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:52 - 2013-07-24 21:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:47 - 2011-08-17 18:24 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:42 - 2012-05-18 19:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:42 - 2012-05-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 19:39 - 2015-03-06 21:01 - 00015306 _____ () C:\Users\Laptop 1\Desktop\Encos-Skoda Datenlog.xlsx
2015-05-13 19:19 - 2015-04-08 20:59 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 19:19 - 2015-04-08 20:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-13 19:19 - 2015-04-08 20:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-13 19:19 - 2015-04-08 20:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-10 10:49 - 2012-10-25 20:42 - 00000877 _____ () C:\Windows\wiso.ini
2015-05-10 10:49 - 2012-10-25 20:42 - 00000000 ____D () C:\Users\Laptop 1\AppData\Local\Buhl
2015-05-10 10:49 - 2012-10-25 19:34 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-05-10 10:46 - 2014-08-08 11:45 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-10 10:46 - 2011-08-17 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-07 20:19 - 2013-04-04 19:02 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-07 20:19 - 2013-04-04 19:02 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-07 20:19 - 2013-04-04 19:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-05 20:37 - 2011-08-20 07:49 - 00000000 ____D () C:\Users\Laptop 1\Documents\Haushalt
2015-05-02 17:34 - 2011-08-20 07:51 - 00000000 ____D () C:\Users\Laptop 1\Documents\Jana
2015-04-29 15:59 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-28 17:56 - 2011-08-20 06:57 - 00000000 ____D () C:\Users\Laptop 1\Documents\Allgemeines
2015-04-27 18:16 - 2012-04-26 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-25 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-25 12:16 - 2015-02-09 19:19 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-25 11:51 - 2011-08-17 05:49 - 00496420 _____ () C:\Windows\system32\perfh007.dat
2015-04-25 11:51 - 2011-08-17 05:49 - 00271948 _____ () C:\Windows\system32\perfc007.dat
2015-04-22 19:14 - 2011-08-17 18:09 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-20 16:09 - 2011-08-21 13:08 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Gescannte Vorlagen
2015-04-19 15:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 19:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 08:28 - 2012-04-21 12:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:28 - 2012-04-21 12:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 08:28 - 2011-08-18 12:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-08-18 08:33 - 2012-03-04 14:10 - 0000412 _____ () C:\Users\Laptop 1\AppData\Roaming\All CPU Meter_Settings.ini
2014-10-25 16:02 - 2014-10-30 21:05 - 14299136 _____ () C:\Users\Laptop 1\AppData\Roaming\Sandra.mdb
2011-08-19 23:46 - 2015-02-11 21:30 - 0007626 _____ () C:\Users\Laptop 1\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Laptop 1\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-08 21:43

==================== End Of Log ============================
Addition.txt und Gmer.txt passten nicht in diesen Beitrag. Liefere ich nach Eröffnung des Dialogs nach.

deeprybka 14.05.2015 15:17
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.


Los geht's:

Bitte die restlichen Logs posten.

SteSbo 14.05.2015 16:14
Hallo Jürgen,

schön, dass Du Dich so schnell gemeldet hast. Mein Name ist Stefan.

Bevor ich die Logs poste:
Beim Erstellen des ersten FRST-Logs kamm die Meldung "Unable to open script file"
Außerdem habe ich alle drei Programme aus einem "neuen Ordner" auf dem Desktop ausführen müssen, denn die Logfiles von FRST und Gmer wurden zwar erzeugt, waren aber auf dem Desktop nicht sichtbar! (Seeeehr seltsam oder?) Beim erneuten erzeugen der Logfiles fragte das System jedoch, ob ich die alten überschreiben möchte. Neustart hat sie auch nicht zum Vorschein gebracht. ...

Hier die Logs:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by Laptop 1 at 2015-05-14 14:56:02
Running from C:\Users\Laptop 1\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2867973987-743759374-2304721918-500 - Administrator - Disabled)
Gast (S-1-5-21-2867973987-743759374-2304721918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2867973987-743759374-2304721918-1002 - Limited - Enabled)
Laptop 1 (S-1-5-21-2867973987-743759374-2304721918-1000 - Administrator - Enabled) => C:\Users\Laptop 1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis)
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{7E33E883-0D17-4397-A461-B576605E34B1}) (Version: 12.1.6.156 - Adobe Systems, Inc)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AVerMedia H339 Hybrid TV Tuner 2.2.64.64 (HKLM-x32\...\AVerMedia H339 Hybrid TV Tuner) (Version: 2.2.64.64 - AVerMedia TECHNOLOGIES, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Bentley View (V 08.05.02.35) - 1 (HKLM-x32\...\{EC2A673E-4292-4C5E-A802-80DD385B8A52}) (Version:  - )
BirdieSync 2.4.5.0 (HKLM-x32\...\BirdieSync) (Version: 2.4.5.0 - Callicia)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version:  - )
CanoScan LiDE 700F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9601) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.5.64714.1383 - COMODO Security Solutions Inc.)
CrystalDiskInfo 4.0.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 4.0.2 - Crystal Dew World)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.6 - Fomanu AG)
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.4.4 - Stanford University)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\MyFreeCodec) (Version:  - )
Nuance OmniPage 17 (HKLM-x32\...\{7752EBE0-6323-4A65-AFAB-B61CF763B0C2}) (Version: 17.0.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PHOTOfunSTUDIO 5.1 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.01.130 - Panasonic Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
RedistSysFiles (x32 Version: 8.1.0 -  ) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SiSoftware Sandra Lite 2014.SP3e (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 20.50.2014.10 - SiSoftware)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2867973987-743759374-2304721918-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-02-09 21:41 - 00450892 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00356453-F79C-4FF5-B1BC-EF318A211CCB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)
Task: {02B18916-BBD4-4FA8-8E1D-F7A32E7F645C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-09] (Piriform Ltd)
Task: {2F89E336-C2BD-4949-89FF-1804274A5CA6} - System32\Tasks\{743CE281-CC16-4E8B-A30F-012CC86B068B} => J:\AS-Dateien\LESER VALVESTAR DOS\Star.exe
Task: {33E37E1D-BB0C-461D-A332-C11E66CB9D3D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-29] (Microsoft Corporation)
Task: {40FD3580-CF73-4C37-B5AA-83C20F58FAF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {487E5BE0-139F-4CE1-B023-73360DF267CA} - System32\Tasks\{8DC74545-4D80-4733-95AA-2518398036FA} => J:\AS-Dateien\LESER VALVESTAR DOS\Star.exe
Task: {4EB0D1CC-5EEF-4B24-A201-139B6748D4D3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-29] (Microsoft Corporation)
Task: {50779BE2-0BF6-4A12-A0AB-4A1249270010} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)
Task: {548544CC-FC9E-4D3E-AA89-5A31C3FA89B3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-12-28] (Samsung Electronics.)
Task: {63D947D3-9969-4DDC-93FD-43667296B16F} - \Driver Booster SkipUAC (Laptop 1) No Task File <==== ATTENTION
Task: {6640C8F3-7FA6-484C-A347-E6E2F888A40D} - \Driver Booster Update No Task File <==== ATTENTION
Task: {67A2368B-2637-44DB-B44B-B7C0432F145B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {6F6EBF85-1B15-42D7-AA7A-DFF506C5FE05} - System32\Tasks\{09743F53-7334-40CF-8B80-2789E155AFE3} => pcalua.exe -a "C:\Users\Laptop 1\Downloads\Adaware_Installer.exe" -d "C:\Users\Laptop 1\Downloads"
Task: {70A5C9DE-D96C-4DBC-B769-BB29D2D115B5} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {751B5137-9CEC-4818-ADBD-428A379E3B1D} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {76880C37-33A8-4E9D-95BD-8E6A307635E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {83AD2019-3DC2-4E16-8FE7-49F1BFA102CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {8AD834ED-272C-406B-A8CC-7705E12FD559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {9593A477-D74C-400C-9025-B48DE5ED2160} - System32\Tasks\{C8A63C1B-9F0C-4EB1-B4B3-34C4DBB096E8} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird" -c /UpdateShortcutAppUserModelIds
Task: {A338FC45-4CF4-4E88-97EF-725F3A05ADE0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A95D2501-6D93-419D-92A3-40B326DD58F0} - System32\Tasks\{0E80DFD7-DE24-4879-B769-365B04C4F1D1} => pcalua.exe -a "C:\Users\Laptop 1\AppData\Local\Temp\Temp1_K33926_DRV_V5.2.23316_Setup.zip\Setup.exe"
Task: {AA4CBD36-E656-40FE-9541-2BEDDCA2B867} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-29] (Microsoft Corporation)
Task: {CDCF76C4-8E64-4C5D-B35C-3290DFA795B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-28] (Adobe Systems Incorporated)
Task: {D2BD78CC-4AA4-4F08-AF67-9D38CC862F6B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D9C74224-8632-466A-9801-6169D622AB5E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-29] (Microsoft Corporation)
Task: {F9D48AF5-2477-4CDB-A30E-831CD94D9B68} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-20] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-07 20:02 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-17 12:23 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2012-07-19 13:33 - 2012-07-19 13:33 - 00342984 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2015-03-10 19:50 - 2015-03-10 19:50 - 02756616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 19:50 - 2015-03-10 19:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 19:51 - 2015-03-10 19:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 19:51 - 2015-03-10 19:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2011-08-17 15:46 - 2010-09-24 10:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2015-03-10 19:50 - 2015-03-11 20:24 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 19:51 - 2015-03-10 19:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 19:51 - 2015-03-10 19:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 19:51 - 2015-03-10 19:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 19:51 - 2015-03-10 19:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 19:50 - 2015-03-10 19:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 19:50 - 2015-03-10 19:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2011-08-18 08:30 - 2011-08-18 08:30 - 00006144 _____ () C:\Users\Laptop 1\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll
2011-08-18 08:30 - 2011-08-18 08:30 - 00008704 _____ () C:\Users\Laptop 1\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll
2011-08-18 08:30 - 2011-08-18 08:30 - 00007680 _____ () C:\Users\Laptop 1\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll
2012-11-20 17:44 - 2012-11-20 17:44 - 01118208 _____ () C:\Program Files (x86)\BirdieSync\BirdieSync.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2011-12-06 11:37 - 2011-12-06 11:37 - 00161792 _____ () C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.29\adb.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\autoexec.bat:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNHMCA6.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601C.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601I.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601L.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601O.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601Y.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CoSetup_x64_.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jmcricon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBAPO264.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBppld64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBTHX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBWrp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc100jpn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434725.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434752.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434788.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434725.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434752.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434788.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RltkAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTNUninst64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FAHScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jmcricon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MBAPO232.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MBAPO32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MBTHX32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp120.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AVer7231_x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgntflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avipbb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avkmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avnetflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\jmcr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NETwsw00.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NETwsw01.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Rt64win7.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SamsungRapidFSFltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Trufos.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:7311BB85
AlternateDataStreams: C:\ProgramData\TEMP:9B013599
AlternateDataStreams: C:\Users\Laptop 1\Downloads\2015_Beitragstabelle_II.PDF:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\2015_Beitragstabelle_II.PDF:$CmdZnID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\adwcleaner_4.204.exe:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\adwcleaner_4.204.exe:$CmdZnID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\Einladung_50.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\Einladung_50.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\tax_2015_Downloader.exe:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\tax_2015_Downloader.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2867973987-743759374-2304721918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 5.1 HD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Laptop 1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Folding@home.lnk => C:\Windows\pss\Folding@home.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Nuance OmniPage 17-reminder => "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OpAgent => "OpAgent.exe" /agent
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Prelaunch OmniPage => "C:\Program Files (x86)\Nuance\OmniPage17\OmniPage17.exe" /preload
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{BABCB7AE-6700-48AB-AEC1-2CC605D30413}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{FFF717C4-8759-47A2-AF15-6C53A96080D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{444C92E3-9438-4B78-A440-D57358BEC1C5}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{8213C952-4A96-49F6-8FAE-4B362FD88781}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{5C035D6D-4AEA-48E7-A683-D6375C3AAECC}] => (Allow) LPort=26675
FirewallRules: [{E89B4E5F-F5E3-41A2-88BA-B38462FCA7BA}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{288060CC-D70B-4557-AAC2-D50DE6471C40}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2C2FF455-39B0-4596-895D-83E38459AAA0}] => (Allow) LPort=26675
FirewallRules: [{E3FE6DC9-B9D4-4AC5-8384-8CBF8B0028AD}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{C96410E3-FB68-495D-B6D4-267E57DEBA21}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{9B377A55-9D65-40F0-9FE2-B0E37A445055}] => (Allow) LPort=26675
FirewallRules: [{FA335F0A-2853-4712-A1D7-A81667AF6461}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{306E67FF-2E68-46D0-99FF-4D5ED31313AF}] => (Allow) C:\Program Files (x86)\BirdieSync\BirdieSync.exe
FirewallRules: [{13AC60DB-8D88-46B5-A4B8-5CE603E44A1D}] => (Allow) C:\Program Files (x86)\BirdieSync\BirdieSync.exe
FirewallRules: [{07D0BD40-76AD-4580-B58A-F5585C21A0D9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{AEAC84BD-3050-45B6-9BF9-D67787E9FF1B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{CF157462-399D-42FF-A4B1-F98CC46BA0B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CFF3DCEE-E76E-410D-B805-F080717060B9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9C43968C-8FEC-4DE1-B05D-C44A8C8B59F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8B074F19-DADC-4812-A214-7684337F1BF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B4039192-1C42-4E95-85FC-DEFB3B0BC38B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E0459CCC-CD1D-483C-91FE-532C942F1576}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9E2CA7DA-4D3D-4FF8-88E8-68C4C5E1B25A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B9CBE0C7-E6BD-444C-B407-1FADC963C425}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0A8B4570-9A62-45F2-B4A8-7AC5EE432E6A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{16611A37-69CF-4E68-B0E8-BA8A7E2D8A06}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4120915F-64ED-4934-AAA6-7842FC4B90DF}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe
FirewallRules: [{B7DCECF6-EBEF-4489-80C1-B357ECCED2A2}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{676E3664-BB32-4E6E-BD9F-823FD23B052A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B1940DC-CF9E-4866-896F-33FF5BE2D932}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A733A13-D8F6-45A4-8093-49949DDD1835}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
StandardProfile\AuthorizedApplications: [C:\Users\Laptop 1\Desktop\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Intel(R) Turbo Boost Technology Driver
Description: Intel(R) Turbo Boost Technology Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Impcd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 02:56:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:56:03 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:55:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (05/14/2015 02:52:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:52:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3

Error: (05/14/2015 00:34:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (05/14/2015 11:32:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (05/14/2015 11:01:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (05/14/2015 10:53:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.


System errors:
=============
Error: (05/14/2015 02:48:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (05/14/2015 02:47:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (05/14/2015 02:46:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (05/14/2015 02:46:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (05/14/2015 02:46:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2015 02:32:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Acronis Scheduler2 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2015 00:34:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
%%-2147467259

Error: (05/14/2015 11:25:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
stdcfltn

Error: (05/14/2015 11:25:30 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (05/14/2015 11:23:30 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll


Microsoft Office Sessions:
=========================
Error: (05/14/2015 02:56:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:56:03 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:55:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000

Error: (05/14/2015 02:52:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:52:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (05/14/2015 02:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec12a6801d08e27ec3c01d8C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll40422c8f-fa37-11e4-8d95-f04da269a72f

Error: (05/14/2015 00:34:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000

Error: (05/14/2015 11:32:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000

Error: (05/14/2015 11:01:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000

Error: (05/14/2015 10:53:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 43%
Total physical RAM: 8124.35 MB
Available physical RAM: 4609.98 MB
Total Pagefile: 16246.91 MB
Available Pagefile: 12149.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Harddisk) (Fixed) (Total:465.66 GB) (Free:280.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 558EEE47)
Partition 1: (Active) - (Size=94 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer folgt gleich.

SteSbo 14.05.2015 16:20
Sorry, ist über 900000 Zeichen lang. Als Anhang die Zip-Datei.

deeprybka 14.05.2015 16:35
Zitat:
Zitat von SteSbo (Beitrag 1465757)
- Reicht mein Schutz nicht aus?
Code:
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

Eher etwas zuviel als zuwenig...;)

Bitte alles bis auf Avira und Windwos Defender deinstallieren.

SteSbo 14.05.2015 16:52
Ad-Aware ist deinstalliert
Comodo ist deinstalliert

Spybot fragt bei der Deinstallation folgendes (sinngemäß):
- Soll gelöschte Malware aus der Quarantäne wieder hergestellt werden?
- Sollen Browser-Blockierungen (Immunisierung) rückgängig gemacht werden?
Habe die Deinstallation erstmal abgebrochen. Soll ich die genannten Programmänderungen rückgängig machen oder nicht?

deeprybka 14.05.2015 17:14
Zitat:
Zitat von SteSbo (Beitrag 1465781)
Spybot fragt bei der Deinstallation folgendes (sinngemäß):
- Soll gelöschte Malware aus der Quarantäne wieder hergestellt werden? Nein!
- Sollen Browser-Blockierungen (Immunisierung) rückgängig gemacht werden? Nein!
...:)

SteSbo 14.05.2015 19:01
So, jetzt ist auch Spybot deinstalliert und ein Warmstart durchgeführt.

deeprybka 14.05.2015 19:05
Hi,

Schritt 1
Echtzeitschutz des Virenscanners abschalten.

http://www.deeprybka.trojaner-board.de/zoek/avira.gif

Schritt 2
http://deeprybka.trojaner-board.de/b...s/combofix.pngScan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Die nächste Antwort gibts dann morgen, hab auch mal "Feierabend". ;)

SteSbo 14.05.2015 20:53
Hallo,

bis hier schon mal vielen Dank!!! :dankeschoen: Dir auf jeden Fall einen schönen Feierabend.

Muss morgen arbeiten und kann erst am späten Nachmittag wieder an den Rechner. Melde mich!

So, der Scan und die Logdatei haben etwas gedauert. - ComboFix meldete nach dem Neustart des Rechners folgendes: "Bereite Logdatei vor. Starte keine anderen Programme, bevor ComobFix fertig ist." Aufgrund des Neustars sind allerdings einige Autostarts gelaufen (Thunderbird, ...).

Nachfolgend der Log:
Code:
Combofix Logfile:

       
Code:

       
ComboFix 15-05-13.01 - Laptop 1 14.05.2015  20:28:03.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8124.4529 [GMT 2:00]
ausgeführt von:: c:\users\Laptop 1\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Laptop 1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Laptop 1\AppData\Roaming\Microsoft\Windows\Recent\TNG Intranet Netz bs ssbolalik.url
c:\users\LAPTOP~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-14 bis 2015-05-14  ))))))))))))))))))))))))))))))
.
.
2015-05-14 18:39 . 2015-05-14 18:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-05-14 12:50 . 2015-05-14 12:56        --------        d-----w-        C:\FRST
2015-05-13 17:43 . 2015-05-01 13:17        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:43 . 2015-05-01 13:16        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:25 . 2015-05-13 17:25        328704        ----a-w-        c:\windows\system32\services.exe
2015-05-13 17:24 . 2015-05-13 17:24        3204608        ----a-w-        c:\windows\system32\win32k.sys
2015-05-13 17:16 . 2015-04-04 06:25        12032440        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1E194A3-98BD-4BC5-8539-73EE362260CC}\mpengine.dll
2015-05-10 08:46 . 2015-05-10 08:46        --------        d-----w-        c:\program files (x86)\Buhl finance
2015-05-01 18:10 . 2015-05-01 18:10        229608        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-04-25 10:19 . 2015-04-25 10:19        82944        ----a-w-        c:\windows\system32\dwmapi.dll
2015-04-25 10:19 . 2015-04-25 10:19        67584        ----a-w-        c:\windows\SysWow64\dwmapi.dll
2015-04-25 10:19 . 2015-04-25 10:19        1632768        ----a-w-        c:\windows\system32\dwmcore.dll
2015-04-25 10:19 . 2015-04-25 10:19        1372160        ----a-w-        c:\windows\SysWow64\dwmcore.dll
2015-04-25 10:18 . 2015-04-25 10:18        2543104        ----a-w-        c:\windows\system32\wpdshext.dll
2015-04-25 10:18 . 2015-04-25 10:18        2311168        ----a-w-        c:\windows\SysWow64\wpdshext.dll
2015-04-25 10:18 . 2015-04-25 10:18        1195008        ----a-w-        c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-04-15 06:34 . 2015-04-15 06:34        754688        ----a-w-        c:\windows\system32\drivers\http.sys
2015-04-15 06:33 . 2015-04-15 06:33        79360        ----a-w-        c:\windows\system32\clfsw32.dll
2015-04-15 06:33 . 2015-04-15 06:33        58880        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-04-15 06:33 . 2015-04-15 06:33        367552        ----a-w-        c:\windows\system32\clfs.sys
2015-04-15 00:35 . 2015-04-15 00:35        18645184        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-14 09:02 . 2015-04-08 18:59        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-13 17:47 . 2011-08-17 16:24        140425016        ----a-w-        c:\windows\system32\MRT.exe
2015-05-13 17:25 . 2015-05-13 17:25        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-05-13 17:24 . 2015-05-13 17:24        470528        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2015-05-13 17:24 . 2015-05-13 17:24        309248        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-05-13 17:24 . 2015-05-13 17:24        2560        ----a-w-        c:\windows\apppatch\AcRes.dll
2015-05-13 17:24 . 2015-05-13 17:24        2178560        ----a-w-        c:\windows\apppatch\AcGenral.dll
2015-05-13 17:24 . 2015-05-13 17:24        103424        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-05-13 17:19 . 2015-04-08 18:59        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-05-13 17:19 . 2015-04-08 18:59        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-05-13 17:19 . 2015-04-08 18:59        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-05-07 18:19 . 2013-04-04 17:02        152744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-05-07 18:19 . 2013-04-04 17:02        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2015-05-07 18:19 . 2013-04-04 17:02        132120        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-04-22 17:14 . 2011-08-17 16:09        295552        ------w-        c:\windows\system32\MpSigStub.exe
2015-04-15 06:28 . 2012-04-21 10:06        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 06:28 . 2011-08-18 10:44        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 01:38 . 2015-04-14 01:38        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-04-09 19:08 . 2015-04-09 19:08        977624        ----a-w-        c:\windows\system32\drivers\Rt64win7.sys
2015-04-09 19:08 . 2015-04-09 19:08        73800        ----a-w-        c:\windows\system32\RtNicProp64.dll
2015-04-09 19:08 . 2011-08-17 14:00        107552        ----a-w-        c:\windows\system32\RTNUninst64.dll
2015-04-09 19:01 . 2015-04-09 19:01        1298136        ----a-w-        c:\windows\system32\RTCOM64.dll
2015-04-09 19:01 . 2015-04-09 19:01        2808176        ----a-w-        c:\windows\system32\RltkAPO64.dll
2015-04-09 19:01 . 2015-04-09 19:01        1708248        ----a-w-        c:\windows\system32\RCoInstII64.dll
2015-04-09 19:01 . 2015-04-09 19:00        2902040        ----a-w-        c:\windows\system32\FMAPO64.dll
2015-04-09 19:01 . 2015-04-09 19:01        4408792        ----a-w-        c:\windows\system32\drivers\RTKVHD64.sys
2015-04-09 19:01 . 2015-04-09 19:01        2888920        ----a-w-        c:\windows\system32\RtPgEx64.dll
2015-04-09 19:01 . 2015-04-09 19:01        2702040        ----a-w-        c:\windows\system32\RTSnMg64.cpl
2015-04-09 19:01 . 2015-04-09 19:00        1945856        ----a-w-        c:\windows\system32\MBAPO264.dll
2015-04-09 19:01 . 2015-04-09 19:00        1713920        ----a-w-        c:\windows\SysWow64\MBAPO232.dll
2015-04-09 19:01 . 2015-04-09 19:01        72113152        ----a-w-        c:\windows\system32\RCORES64.dat
2015-04-08 19:10 . 2015-04-08 19:10        957952        ----a-w-        c:\windows\system32\appraiser.dll
2015-04-08 19:10 . 2015-04-08 19:10        769536        ----a-w-        c:\windows\system32\invagent.dll
2015-04-08 19:10 . 2015-04-08 19:10        726528        ----a-w-        c:\windows\system32\generaltel.dll
2015-04-08 19:10 . 2015-04-08 19:10        419840        ----a-w-        c:\windows\system32\devinv.dll
2015-04-08 19:10 . 2015-04-08 19:10        30720        ----a-w-        c:\windows\system32\acmigration.dll
2015-04-08 19:10 . 2015-04-08 19:10        192000        ----a-w-        c:\windows\system32\aepic.dll
2015-04-08 19:10 . 2015-04-08 19:10        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-04-08 19:10 . 2015-04-08 19:10        1111552        ----a-w-        c:\windows\system32\aeinv.dll
2015-04-07 17:54 . 2013-05-07 16:59        44088        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2015-04-01 17:48 . 2011-11-10 15:57        41248        ----a-w-        c:\windows\system32\cmdcsr.dll
2015-04-01 17:47 . 2014-05-15 16:03        358104        ----a-w-        c:\windows\system32\cmdvrt64.dll
2015-04-01 17:46 . 2014-05-15 16:03        45784        ----a-w-        c:\windows\system32\cmdkbd64.dll
2015-04-01 17:45 . 2014-05-15 16:03        288472        ----a-w-        c:\windows\SysWow64\cmdvrt32.dll
2015-04-01 17:45 . 2014-05-15 16:03        40664        ----a-w-        c:\windows\SysWow64\cmdkbd32.dll
2015-03-29 15:50 . 2015-03-29 15:50        622224        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2015-03-29 15:49 . 2011-08-19 17:34        935056        ----a-w-        c:\windows\system32\nvvsvc.exe
2015-03-29 15:48 . 2015-03-29 15:47        970384        ----a-w-        c:\windows\system32\NvIFR64.dll
2015-03-29 15:48 . 2015-03-29 15:47        944784        ----a-w-        c:\windows\system32\NvFBC64.dll
2015-03-29 15:48 . 2015-03-29 15:47        930448        ----a-w-        c:\windows\SysWow64\NvIFR.dll
2015-03-29 15:48 . 2015-03-29 15:47        3303448        ----a-w-        c:\windows\system32\nvapi64.dll
2015-03-29 15:48 . 2015-03-29 15:47        2906928        ----a-w-        c:\windows\SysWow64\nvapi.dll
2015-03-29 15:48 . 2015-03-29 15:47        25460880        ----a-w-        c:\windows\system32\nvcompiler.dll
2015-03-29 15:48 . 2015-03-29 15:47        909512        ----a-w-        c:\windows\SysWow64\NvFBC.dll
2015-03-29 15:48 . 2015-03-29 15:47        1896136        ----a-w-        c:\windows\system32\nvdispco6434788.dll
2015-03-29 15:48 . 2015-03-29 15:47        18580512        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2015-03-29 15:48 . 2015-03-29 15:47        13297144        ----a-w-        c:\windows\system32\nvopencl.dll
2015-03-29 15:48 . 2015-03-29 15:47        10775080        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2015-03-29 15:48 . 2015-03-29 15:47        10262160        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2015-03-29 15:48 . 2015-03-29 15:47        3611792        ----a-w-        c:\windows\system32\nvcuvid.dll
2015-03-29 15:48 . 2015-03-29 15:47        3249352        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2015-03-29 15:48 . 2015-02-09 18:02        16022016        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2015-03-29 15:48 . 2015-03-29 15:47        32114888        ----a-w-        c:\windows\system32\nvoglv64.dll
2015-03-29 15:48 . 2015-03-29 15:47        17258024        ----a-w-        c:\windows\system32\nvd3dumx.dll
2015-03-29 15:48 . 2015-03-29 15:47        1557648        ----a-w-        c:\windows\system32\nvdispgenco6434788.dll
2015-03-29 15:48 . 2015-03-29 15:47        24775368        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2015-03-29 15:48 . 2015-03-29 15:47        13210080        ----a-w-        c:\windows\system32\nvcuda.dll
2015-03-29 15:48 . 2015-03-29 15:47        10715864        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2015-03-29 15:48 . 2015-03-29 15:47        20466376        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2015-03-29 15:48 . 2015-03-29 15:47        14121624        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2015-03-29 15:25 . 2015-03-29 15:25        1895240        ----a-w-        c:\windows\system32\nvdispco6434752.dll
2015-03-29 15:25 . 2015-03-29 15:25        1557648        ----a-w-        c:\windows\system32\nvdispgenco6434752.dll
2015-03-29 14:43 . 2015-03-29 14:42        11523584        ----a-w-        c:\windows\system32\drivers\NETwsw01.sys
2015-03-29 13:29 . 2014-12-11 13:15        3218800        ----a-w-        c:\windows\system32\RtkApi64.dll
2015-03-29 13:29 . 2014-12-11 13:15        631000        ----a-w-        c:\windows\system32\RtDataProc64.dll
2015-03-27 19:46 . 2011-08-18 13:33        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-03-27 19:46 . 2011-08-18 13:33        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-03-24 16:39 . 2011-10-07 13:55        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-03-23 19:18 . 2012-01-30 16:05        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-03-23 19:18 . 2012-01-30 16:05        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-03-22 17:14 . 2014-03-05 04:37        19104256        ----a-w-        c:\windows\SysWow64\FAHScreensaver.scr
2015-03-22 10:28 . 2015-03-22 10:28        92672        ----a-w-        c:\windows\system32\CNQ9601I.DLL
2015-03-22 10:28 . 2015-03-22 10:28        495104        ----a-w-        c:\windows\system32\CNQ9601L.DLL
2015-03-22 10:28 . 2015-03-22 10:28        235008        ----a-w-        c:\windows\system32\CNQ9601O.DLL
2015-03-22 10:28 . 2015-03-22 10:28        17920        ----a-w-        c:\windows\system32\CNHMCA6.DLL
2015-03-22 10:28 . 2015-03-22 10:28        1342976        ----a-w-        c:\windows\system32\CNQ9601C.DLL
2015-03-22 10:28 . 2008-09-10 23:39        244736        ----a-w-        c:\windows\system32\CNQ9601Y.DLL
2015-03-13 19:41 . 2014-10-20 20:43        1756424        ----a-w-        c:\windows\system32\nvspbridge64.dll
2015-03-13 19:41 . 2014-10-20 20:43        1514528        ----a-w-        c:\windows\system32\nvspcap64.dll
2015-03-13 19:41 . 2014-10-20 20:43        1316184        ----a-w-        c:\windows\SysWow64\nvspbridge.dll
2015-03-13 19:41 . 2014-10-20 20:43        1278920        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2015-03-13 16:16 . 2011-08-19 17:34        6861968        ----a-w-        c:\windows\system32\nvcpl.dll
2015-03-13 16:16 . 2011-08-19 17:34        3526856        ----a-w-        c:\windows\system32\nvsvc64.dll
2015-03-13 16:16 . 2011-08-19 17:34        62608        ----a-w-        c:\windows\system32\nvshext.dll
2015-03-13 16:16 . 2011-08-19 17:34        386248        ----a-w-        c:\windows\system32\nvmctray.dll
2015-03-13 16:16 . 2011-08-19 17:34        2559808        ----a-w-        c:\windows\system32\nvsvcr.dll
2015-03-11 13:10 . 2014-10-20 20:41        4246327        ----a-w-        c:\windows\system32\nvcoproc.bin
2015-03-10 17:41 . 2015-03-10 17:41        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2015-03-10 17:41 . 2015-03-10 17:41        46080        ----a-w-        c:\windows\system32\atmlib.dll
2015-03-10 17:41 . 2015-03-10 17:41        41984        ----a-w-        c:\windows\system32\lpk.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BirdieSync"="c:\program files (x86)\BirdieSync\BirdieSync.exe" [2012-11-20 1118208]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2014-04-21 1516496]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-09 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-15 498160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-07 728312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-04-09 129272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-28 1022152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-4-3 389744]
Offene Vorgänge - Verknüpfung.lnk - c:\users\Laptop 1\Desktop\Offene Vorgänge [2011-11-14] [Folder]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [x]
R3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);c:\windows\system32\DRIVERS\dlcdbus.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdbus.sys [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys;c:\windows\SYSNATIVE\DRIVERS\ewsercd.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\DRIVERS\lan9500-x64-n620f.sys;c:\windows\SYSNATIVE\DRIVERS\lan9500-x64-n620f.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;c:\windows\system32\DRIVERS\SamsungRapidDiskFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidDiskFltr.sys [x]
S0 SamsungRapidFSFltr;SamsungRapidFSFltr;c:\windows\system32\DRIVERS\SamsungRapidFSFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidFSFltr.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SamsungRapidSvc;Samsung RAPID Mode Service;c:\windows\system32\RAPID\SamsungRapidSvc.exe;c:\windows\SYSNATIVE\RAPID\SamsungRapidSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 06:28]
.
2015-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 17:30]
.
2015-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 17:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-09 8447192]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-04-09 1392496]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-29 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-13 1514528]
"SamsungRapidApp"="c:\program files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe" [2015-02-09 281776]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Laptop 1\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Laptop 1\AppData\Roaming\Mozilla\Firefox\Profiles\287muvzo.default-1362154688318\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/?gws_rd=ssl
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-14  20:58:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-14 18:58
.
Vor Suchlauf: 13 Verzeichnis(se), 307.375.828.992 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 307.364.892.672 Bytes frei
.
- - End Of File - - 71F2845673298FE304E20DFE76F6EADD

--- --- ---

deeprybka 15.05.2015 07:43
Hi,
bitte Scans mit diesen Tools durchführen und Logs posten - auch wenn nichts gefunden wurde:

Schritt 1
  • Schließe alle offenen Programme und Browser.
  • Starte bitte http://filepony.de/icon/adwcleaner.png Adwcleaner.
  • Klicke auf Suchen und warte, bis der Suchlauf abgeschlossen ist.
  • Klicke nun auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
    Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Sx].txt. (x = fortlaufende Nummer).

Schritt 2

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

SteSbo 15.05.2015 15:31
Hallo,

neuer Tag neues Glück

hier sind die Logs:

AdwCleaner Logfile:
Code:
# AdwCleaner v4.204 - Bericht erstellt 15/05/2015 um 16:08:45
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Laptop 1 - LAPTOP-1
# Gestarted von : C:\Users\Laptop 1\Desktop\adwcleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 de)


*************************

AdwCleaner[R0].txt - [14105 Bytes] - [08/04/2015 20:39:38]
AdwCleaner[R1].txt - [984 Bytes] - [08/04/2015 20:44:41]
AdwCleaner[R2].txt - [1256 Bytes] - [27/04/2015 18:03:15]
AdwCleaner[R3].txt - [1315 Bytes] - [28/04/2015 17:31:54]
AdwCleaner[R4].txt - [1302 Bytes] - [14/05/2015 10:02:01]
AdwCleaner[R5].txt - [1423 Bytes] - [14/05/2015 10:16:10]
AdwCleaner[R6].txt - [1524 Bytes] - [14/05/2015 10:21:16]
AdwCleaner[R7].txt - [1642 Bytes] - [14/05/2015 10:43:01]
AdwCleaner[R8].txt - [1634 Bytes] - [15/05/2015 16:07:28]
AdwCleaner[S0].txt - [13890 Bytes] - [08/04/2015 20:41:04]
AdwCleaner[S1].txt - [1331 Bytes] - [28/04/2015 17:37:01]
AdwCleaner[S2].txt - [1364 Bytes] - [14/05/2015 10:04:20]
AdwCleaner[S3].txt - [1586 Bytes] - [14/05/2015 10:39:30]
AdwCleaner[S4].txt - [1704 Bytes] - [14/05/2015 10:44:20]
AdwCleaner[S5].txt - [1554 Bytes] - [15/05/2015 16:08:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1613  Bytes] ##########
--- --- ---


Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.05.2015
Suchlauf-Zeit: 16:14:18
Logdatei: Malwarebytes Anti-Malware.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.15.03
Rootkit Datenbank: v2015.05.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Laptop 1

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 386059
Verstrichene Zeit: 13 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

deeprybka 15.05.2015 16:30
Hi, dann noch einen Suchscan mit ESET bitte:

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


SteSbo 15.05.2015 18:43
Hier ist der ESET-Log

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2660fe4589848a489564f01e2311d997
# engine=23867
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-15 04:04:37
# local_time=2015-05-15 06:04:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6515 183335727 0 0
# scanned=616
# found=1
# cleaned=0
# scan_time=76
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2660fe4589848a489564f01e2311d997
# engine=23867
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-15 05:34:40
# local_time=2015-05-15 07:34:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 11918 183341130 0 0
# scanned=206580
# found=2
# cleaned=0
# scan_time=4597
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=76D0B865F824230CBACB395002488EB4802FD114 ft=1 fh=31d99283e2e441ab vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFB4A.tmp"

deeprybka 15.05.2015 18:45
Prima.

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

SteSbo 15.05.2015 18:57
Hi,

während der ganzen Scannerei kamen schon keine Meldungen mehr von Antivir.

Jetzt nach dem Scan von FRST vom Desktop aus sind auch die beiden Log-Dateien auf dem Desktop zu sehen, was ja zu Beginn nicht der Fall war. Kann ich mir nicht erklären.

Hier der Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2660fe4589848a489564f01e2311d997
# engine=23867
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-15 04:04:37
# local_time=2015-05-15 06:04:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6515 183335727 0 0
# scanned=616
# found=1
# cleaned=0
# scan_time=76
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2660fe4589848a489564f01e2311d997
# engine=23867
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-15 05:34:40
# local_time=2015-05-15 07:34:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 11918 183341130 0 0
# scanned=206580
# found=2
# cleaned=0
# scan_time=4597
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=76D0B865F824230CBACB395002488EB4802FD114 ft=1 fh=31d99283e2e441ab vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFB4A.tmp"
Schmarrn, das war der falsche.

Beide zusammen sind zu groß. Brauche noch einen Moment.

Hier der erste Log


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Laptop 1 (administrator) on LAPTOP-1 on 15-05-2015 19:51:01
Running from C:\Users\Laptop 1\Desktop
Loaded Profiles: Laptop 1 &  (Available profiles: Laptop 1)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\BirdieSync\BirdieSync.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.29\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.29\adb.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8447192 2015-04-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-04-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2015-02-09] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-04-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-28] (Adobe Systems Incorporated)
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\Run: [BirdieSync] => C:\Program Files (x86)\BirdieSync\BirdieSync.exe [1118208 2012-11-20] ()
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-04-21] (TrueCrypt Foundation)
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-02-09] (Piriform Ltd)
HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BirdieSync] => C:\Program Files (x86)\BirdieSync\BirdieSync.exe [1118208 2012-11-20] ()
HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-04-21] (TrueCrypt Foundation)
HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-02-09] (Piriform Ltd)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2011-08-18]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Offene Vorgänge - Verknüpfung.lnk [2011-11-14]
ShortcutTarget: Offene Vorgänge - Verknüpfung.lnk -> C:\Users\Laptop 1\Desktop\Offene Vorgänge ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=c5a16a47d75ddc1b5a1ee7e8397375d80779922a&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=c5a16a47d75ddc1b5a1ee7e8397375d80779922a&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Laptop 1\AppData\Roaming\Mozilla\Firefox\Profiles\287muvzo.default-1362154688318
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Sunbird\Extensions: [{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}] - C:\Program Files (x86)\BirdieSync\Sunbird Service
FF Extension: BirdieSync - C:\Program Files (x86)\BirdieSync\Sunbird Service [2012-01-04]
FF HKLM-x32\...\Thunderbird\Extensions: [{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}] - C:\Program Files (x86)\BirdieSync\Thunderbird Service
FF Extension: BirdieSync - C:\Program Files (x86)\BirdieSync\Thunderbird Service [2012-01-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2012-07-19] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-04-09] (Avira Operations GmbH & Co. KG)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-05-13] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-29] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-05-13] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2015-02-09] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-29] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-04-09] (Realtek Semiconductor)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2015-02-09] (Samsung Electronics Co., Ltd.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe [73200 2014-10-06] (SiSoftware) [File not signed]
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2015-02-09] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1800448 2015-02-09] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-07] (Avira Operations GmbH & Co. KG)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [112896 2012-07-14] (Huawei Technologies Co., Ltd.)
S3 ewsercd; C:\Windows\SysWOW64\DRIVERS\ewsercd.sys [112896 2012-07-19] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-18] (GFI Software)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [116864 2012-07-19] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-09] (REALiX(tm))
S3 hwusbfake; C:\Windows\SysWOW64\DRIVERS\ewusbfake.sys [116224 2012-07-19] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2015-02-09] (Intel Corporation)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n620f.sys [82432 2014-08-19] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-05-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-05-13] (Malwarebytes Corporation)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation) [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2015-03-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-09] (NVIDIA Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2015-02-09] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2015-02-09] (Samsung Electronics Co., Ltd.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-02-09] (Synaptics Incorporated)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [X]
S3 dlcdbus; system32\DRIVERS\dlcdbus.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 19:51 - 2015-05-15 19:51 - 00022691 _____ () C:\Users\Laptop 1\Desktop\FRST.txt
2015-05-15 19:50 - 2015-05-15 19:50 - 00000000 ____D () C:\Users\Laptop 1\Desktop\FRST-OlderVersion
2015-05-15 17:49 - 2015-05-15 17:49 - 02347384 _____ (ESET) C:\Users\Laptop 1\Desktop\esetsmartinstaller_deu.exe
2015-05-15 16:29 - 2015-05-15 16:29 - 00001233 _____ () C:\Users\Laptop 1\Desktop\Malwarebytes Anti-Malware.txt
2015-05-15 16:11 - 2015-05-15 16:11 - 00001693 _____ () C:\Users\Laptop 1\Desktop\AdwCleaner[S5].txt
2015-05-14 20:58 - 2015-05-14 20:58 - 00033789 _____ () C:\ComboFix.txt
2015-05-14 20:25 - 2015-05-14 20:59 - 00000000 ____D () C:\Qoobox
2015-05-14 20:25 - 2015-05-14 20:53 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 20:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-14 20:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-14 20:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-14 20:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-14 20:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-14 20:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-14 20:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-14 20:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-14 20:24 - 2015-05-14 20:24 - 05623645 ____R (Swearware) C:\Users\Laptop 1\Desktop\ComboFix.exe
2015-05-14 19:59 - 2015-05-14 20:41 - 00003748 _____ () C:\Windows\PFRO.log
2015-05-14 14:50 - 2015-05-15 19:51 - 00000000 ____D () C:\FRST
2015-05-14 14:50 - 2015-05-15 19:50 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Neuer Ordner
2015-05-14 14:37 - 2015-05-14 14:38 - 00000175 _____ () C:\Users\Laptop 1\Desktop\Trojaner-board.de.url
2015-05-14 14:11 - 2015-05-14 14:11 - 00000000 _____ () C:\Users\Laptop 1\defogger_reenable
2015-05-14 13:01 - 2015-05-15 19:50 - 02106368 _____ (Farbar) C:\Users\Laptop 1\Desktop\FRST64.exe
2015-05-14 11:13 - 2015-05-14 11:13 - 00002333 _____ () C:\Users\Laptop 1\Desktop\JRT.txt
2015-05-14 10:15 - 2015-05-14 10:15 - 02209792 _____ () C:\Users\Laptop 1\Desktop\adwcleaner_4.204.exe
2015-05-14 10:12 - 2015-05-14 10:12 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sonstiges
2015-05-14 10:11 - 2015-05-14 10:11 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wartung (eigene)
2015-05-14 10:06 - 2015-05-15 17:51 - 00002477 _____ () C:\Windows\setupact.log
2015-05-14 10:06 - 2015-05-14 10:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 10:01 - 2015-05-14 10:01 - 02209792 _____ () C:\Users\Laptop 1\Downloads\adwcleaner_4.204.exe
2015-05-13 20:21 - 2015-02-09 21:41 - 00450892 _____ () C:\Windows\system32\Drivers\etc\hosts.20150513-202110.backup
2015-05-13 20:20 - 2015-05-13 20:20 - 00028978 _____ () C:\Users\Laptop 1\Documents\cc_20150513_202033.reg
2015-05-13 19:43 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:43 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 19:26 - 2015-05-13 19:26 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 19:26 - 2015-05-13 19:26 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 19:26 - 2015-05-13 19:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 19:26 - 2015-05-13 19:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 19:26 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 19:26 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 19:26 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 19:26 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 19:25 - 2015-05-13 19:25 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 19:25 - 2015-05-13 19:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 19:25 - 2015-05-13 19:25 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 19:25 - 2015-05-13 19:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 19:24 - 2015-05-13 19:24 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 19:24 - 2015-05-13 19:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 19:24 - 2015-05-13 19:24 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-10 10:49 - 2015-05-10 10:49 - 00002222 _____ () C:\Users\Public\Desktop\tax 2015.lnk
2015-05-10 10:46 - 2015-05-10 10:46 - 00000000 ____D () C:\Program Files (x86)\Buhl finance
2015-05-10 10:25 - 2015-05-10 10:39 - 00000000 ____D () C:\Users\Laptop 1\Desktop\tax 2015 (Download)
2015-05-10 10:24 - 2015-05-10 10:24 - 01038704 _____ (Amazon Services LLC) C:\Users\Laptop 1\Downloads\tax_2015_Downloader.exe
2015-04-27 19:52 - 2015-04-27 19:52 - 00011522 _____ () C:\Users\Laptop 1\Desktop\Freistellungsaufträge Lukas.xlsx
2015-04-25 12:38 - 2015-04-25 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-25 12:20 - 2015-04-25 12:20 - 00001798 _____ () C:\Users\Laptop 1\Documents\cc_20150425_122032.reg
2015-04-25 12:19 - 2015-04-25 12:19 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-25 12:19 - 2015-04-25 12:19 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-25 12:19 - 2015-04-25 12:19 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-25 12:19 - 2015-04-25 12:19 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-04-25 12:18 - 2015-04-25 12:18 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-25 12:18 - 2015-04-25 12:18 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:35 - 2015-04-15 08:35 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:35 - 2015-04-15 08:35 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 08:35 - 2015-04-15 08:35 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 08:34 - 2015-04-15 08:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 08:33 - 2015-04-15 08:33 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:33 - 2015-04-15 08:33 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:33 - 2015-04-15 08:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 19:33 - 2011-08-18 17:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 19:28 - 2012-04-21 12:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-15 18:33 - 2011-08-18 17:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 17:46 - 2009-07-14 06:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-15 17:46 - 2009-07-14 06:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-15 17:42 - 2014-01-17 20:58 - 01449372 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 16:14 - 2015-04-08 20:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 16:10 - 2011-08-19 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-15 16:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 16:08 - 2015-04-08 20:39 - 00000000 ____D () C:\AdwCleaner
2015-05-14 20:59 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-14 20:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-14 19:59 - 2014-10-25 17:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-14 17:45 - 2014-05-15 18:04 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Comodo
2015-05-14 17:39 - 2013-02-02 12:08 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-14 14:16 - 2011-11-14 20:08 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Offene Vorgänge
2015-05-14 14:11 - 2011-08-16 19:51 - 00000000 ____D () C:\Users\Laptop 1
2015-05-14 10:54 - 2011-08-21 15:18 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Wartung und Instandhaltung
2015-05-14 10:11 - 2013-03-19 19:42 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 10:11 - 2011-08-24 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wartung (eigene)
2015-05-14 10:11 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 10:08 - 2011-08-18 17:51 - 00000000 ____D () C:\Users\Laptop 1\AppData\Roaming\Thunderbird
2015-05-13 19:58 - 2009-07-14 06:45 - 00363344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 19:54 - 2011-08-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:52 - 2013-07-24 21:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:47 - 2011-08-17 18:24 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:42 - 2012-05-18 19:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:42 - 2012-05-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 19:39 - 2015-03-06 21:01 - 00015306 _____ () C:\Users\Laptop 1\Desktop\Encos-Skoda Datenlog.xlsx
2015-05-13 19:19 - 2015-04-08 20:59 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 19:19 - 2015-04-08 20:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-13 19:19 - 2015-04-08 20:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-13 19:19 - 2015-04-08 20:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-10 10:49 - 2012-10-25 20:42 - 00000877 _____ () C:\Windows\wiso.ini
2015-05-10 10:49 - 2012-10-25 20:42 - 00000000 ____D () C:\Users\Laptop 1\AppData\Local\Buhl
2015-05-10 10:49 - 2012-10-25 19:34 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-05-10 10:46 - 2014-08-08 11:45 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-10 10:46 - 2011-08-17 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-07 20:19 - 2013-04-04 19:02 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-07 20:19 - 2013-04-04 19:02 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-07 20:19 - 2013-04-04 19:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-05 20:37 - 2011-08-20 07:49 - 00000000 ____D () C:\Users\Laptop 1\Documents\Haushalt
2015-05-02 17:34 - 2011-08-20 07:51 - 00000000 ____D () C:\Users\Laptop 1\Documents\Jana
2015-04-29 15:59 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-28 17:56 - 2011-08-20 06:57 - 00000000 ____D () C:\Users\Laptop 1\Documents\Allgemeines
2015-04-27 18:16 - 2012-04-26 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-25 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-25 12:16 - 2015-02-09 19:19 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-25 11:51 - 2011-08-17 05:49 - 00496420 _____ () C:\Windows\system32\perfh007.dat
2015-04-25 11:51 - 2011-08-17 05:49 - 00271948 _____ () C:\Windows\system32\perfc007.dat
2015-04-22 19:14 - 2011-08-17 18:09 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-20 16:09 - 2011-08-21 13:08 - 00000000 ____D () C:\Users\Laptop 1\Desktop\Gescannte Vorlagen
2015-04-19 15:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 19:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 08:28 - 2012-04-21 12:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:28 - 2012-04-21 12:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 08:28 - 2011-08-18 12:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-08-18 08:33 - 2012-03-04 14:10 - 0000412 _____ () C:\Users\Laptop 1\AppData\Roaming\All CPU Meter_Settings.ini
2014-10-25 16:02 - 2014-10-30 21:05 - 14299136 _____ () C:\Users\Laptop 1\AppData\Roaming\Sandra.mdb
2011-08-19 23:46 - 2015-02-11 21:30 - 0007626 _____ () C:\Users\Laptop 1\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Laptop 1\AppData\Local\Temp\avgnt.exe
C:\Users\Laptop 1\AppData\Local\Temp\Quarantine.exe
C:\Users\Laptop 1\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-08 21:43

==================== End Of Log ============================
--- --- ---

--- --- ---

SteSbo 15.05.2015 18:58
... und hier der zweite Log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Laptop 1 at 2015-05-15 19:51:43
Running from C:\Users\Laptop 1\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2867973987-743759374-2304721918-500 - Administrator - Disabled)
Gast (S-1-5-21-2867973987-743759374-2304721918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2867973987-743759374-2304721918-1002 - Limited - Enabled)
Laptop 1 (S-1-5-21-2867973987-743759374-2304721918-1000 - Administrator - Enabled) => C:\Users\Laptop 1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{7E33E883-0D17-4397-A461-B576605E34B1}) (Version: 12.1.6.156 - Adobe Systems, Inc)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
AVerMedia H339 Hybrid TV Tuner 2.2.64.64 (HKLM-x32\...\AVerMedia H339 Hybrid TV Tuner) (Version: 2.2.64.64 - AVerMedia TECHNOLOGIES, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Bentley View (V 08.05.02.35) - 1 (HKLM-x32\...\{EC2A673E-4292-4C5E-A802-80DD385B8A52}) (Version:  - )
BirdieSync 2.4.5.0 (HKLM-x32\...\BirdieSync) (Version: 2.4.5.0 - Callicia)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version:  - )
CanoScan LiDE 700F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9601) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CrystalDiskInfo 4.0.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 4.0.2 - Crystal Dew World)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.6 - Fomanu AG)
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.4.4 - Stanford University)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance OmniPage 17 (HKLM-x32\...\{7752EBE0-6323-4A65-AFAB-B61CF763B0C2}) (Version: 17.0.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PHOTOfunSTUDIO 5.1 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.01.130 - Panasonic Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
RedistSysFiles (x32 Version: 8.1.0 -  ) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SiSoftware Sandra Lite 2014.SP3e (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 20.50.2014.10 - SiSoftware)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.00.8811 - Buhl Data Service GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2867973987-743759374-2304721918-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-14 20:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B18916-BBD4-4FA8-8E1D-F7A32E7F645C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-09] (Piriform Ltd)
Task: {2F89E336-C2BD-4949-89FF-1804274A5CA6} - System32\Tasks\{743CE281-CC16-4E8B-A30F-012CC86B068B} => J:\AS-Dateien\LESER VALVESTAR DOS\Star.exe
Task: {33E37E1D-BB0C-461D-A332-C11E66CB9D3D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-29] (Microsoft Corporation)
Task: {40FD3580-CF73-4C37-B5AA-83C20F58FAF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {487E5BE0-139F-4CE1-B023-73360DF267CA} - System32\Tasks\{8DC74545-4D80-4733-95AA-2518398036FA} => J:\AS-Dateien\LESER VALVESTAR DOS\Star.exe
Task: {4EB0D1CC-5EEF-4B24-A201-139B6748D4D3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-29] (Microsoft Corporation)
Task: {548544CC-FC9E-4D3E-AA89-5A31C3FA89B3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-12-28] (Samsung Electronics.)
Task: {63D947D3-9969-4DDC-93FD-43667296B16F} - \Driver Booster SkipUAC (Laptop 1) No Task File <==== ATTENTION
Task: {6640C8F3-7FA6-484C-A347-E6E2F888A40D} - \Driver Booster Update No Task File <==== ATTENTION
Task: {6F6EBF85-1B15-42D7-AA7A-DFF506C5FE05} - System32\Tasks\{09743F53-7334-40CF-8B80-2789E155AFE3} => pcalua.exe -a "C:\Users\Laptop 1\Downloads\Adaware_Installer.exe" -d "C:\Users\Laptop 1\Downloads"
Task: {70A5C9DE-D96C-4DBC-B769-BB29D2D115B5} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {751B5137-9CEC-4818-ADBD-428A379E3B1D} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {83AD2019-3DC2-4E16-8FE7-49F1BFA102CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {8AD834ED-272C-406B-A8CC-7705E12FD559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {9593A477-D74C-400C-9025-B48DE5ED2160} - System32\Tasks\{C8A63C1B-9F0C-4EB1-B4B3-34C4DBB096E8} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird" -c /UpdateShortcutAppUserModelIds
Task: {A95D2501-6D93-419D-92A3-40B326DD58F0} - System32\Tasks\{0E80DFD7-DE24-4879-B769-365B04C4F1D1} => pcalua.exe -a "C:\Users\Laptop 1\AppData\Local\Temp\Temp1_K33926_DRV_V5.2.23316_Setup.zip\Setup.exe"
Task: {AA4CBD36-E656-40FE-9541-2BEDDCA2B867} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-29] (Microsoft Corporation)
Task: {CDCF76C4-8E64-4C5D-B35C-3290DFA795B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-28] (Adobe Systems Incorporated)
Task: {D2BD78CC-4AA4-4F08-AF67-9D38CC862F6B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D9C74224-8632-466A-9801-6169D622AB5E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-03-07 20:02 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-17 12:23 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2012-07-19 13:33 - 2012-07-19 13:33 - 00342984 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2011-08-17 15:46 - 2010-09-24 10:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-08-18 08:30 - 2011-08-18 08:30 - 00006144 _____ () C:\Users\Laptop 1\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll
2011-08-18 08:30 - 2011-08-18 08:30 - 00008704 _____ () C:\Users\Laptop 1\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll
2011-08-18 08:30 - 2011-08-18 08:30 - 00007680 _____ () C:\Users\Laptop 1\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll
2012-11-20 17:44 - 2012-11-20 17:44 - 01118208 _____ () C:\Program Files (x86)\BirdieSync\BirdieSync.exe
2015-01-21 04:06 - 2015-01-21 04:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2011-12-06 11:37 - 2011-12-06 11:37 - 00161792 _____ () C:\Program Files (x86)\BirdieSync\Android\Adb\1.0.29\adb.exe
2014-10-15 19:08 - 2014-10-15 19:08 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-08-17 15:13 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-09-12 15:47 - 2009-09-12 15:47 - 00544768 _____ () C:\Program Files (x86)\BirdieSync\BirdieSync.Lib\sqlite3.dll
2011-01-28 21:44 - 2011-01-28 21:44 - 00030208 _____ () C:\Program Files (x86)\BirdieSync\BirdieSync.Lib\QtSolutions_SingleApplication-2.6.dll
2013-12-14 11:07 - 2014-12-28 18:16 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\autoexec.bat:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNHMCA6.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601C.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601I.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601L.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601O.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNQ9601Y.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CoSetup_x64_.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jmcricon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBAPO264.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBppld64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBTHX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MBWrp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc100jpn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434725.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434752.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434788.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434725.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434752.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434788.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RltkAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTNUninst64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FAHScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jmcricon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MBAPO232.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MBAPO32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MBTHX32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp120.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AVer7231_x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgntflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avipbb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avkmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avnetflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\jmcr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NETwsw00.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NETwsw01.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Rt64win7.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SamsungRapidFSFltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:7311BB85
AlternateDataStreams: C:\ProgramData\TEMP:9B013599
AlternateDataStreams: C:\Users\Laptop 1\Desktop\adwcleaner_4.204.exe:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Desktop\adwcleaner_4.204.exe:$CmdZnID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\2015_Beitragstabelle_II.PDF:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\2015_Beitragstabelle_II.PDF:$CmdZnID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\adwcleaner_4.204.exe:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\adwcleaner_4.204.exe:$CmdZnID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\Einladung_50.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\Einladung_50.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\tax_2015_Downloader.exe:$CmdTcID
AlternateDataStreams: C:\Users\Laptop 1\Downloads\tax_2015_Downloader.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2867973987-743759374-2304721918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Laptop 1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 5.1 HD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Laptop 1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Folding@home.lnk => C:\Windows\pss\Folding@home.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Nuance OmniPage 17-reminder => "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OpAgent => "OpAgent.exe" /agent
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Prelaunch OmniPage => "C:\Program Files (x86)\Nuance\OmniPage17\OmniPage17.exe" /preload
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{BABCB7AE-6700-48AB-AEC1-2CC605D30413}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{FFF717C4-8759-47A2-AF15-6C53A96080D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{444C92E3-9438-4B78-A440-D57358BEC1C5}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{8213C952-4A96-49F6-8FAE-4B362FD88781}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{5C035D6D-4AEA-48E7-A683-D6375C3AAECC}] => (Allow) LPort=26675
FirewallRules: [{E89B4E5F-F5E3-41A2-88BA-B38462FCA7BA}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{288060CC-D70B-4557-AAC2-D50DE6471C40}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2C2FF455-39B0-4596-895D-83E38459AAA0}] => (Allow) LPort=26675
FirewallRules: [{E3FE6DC9-B9D4-4AC5-8384-8CBF8B0028AD}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{C96410E3-FB68-495D-B6D4-267E57DEBA21}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{9B377A55-9D65-40F0-9FE2-B0E37A445055}] => (Allow) LPort=26675
FirewallRules: [{FA335F0A-2853-4712-A1D7-A81667AF6461}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{306E67FF-2E68-46D0-99FF-4D5ED31313AF}] => (Allow) C:\Program Files (x86)\BirdieSync\BirdieSync.exe
FirewallRules: [{13AC60DB-8D88-46B5-A4B8-5CE603E44A1D}] => (Allow) C:\Program Files (x86)\BirdieSync\BirdieSync.exe
FirewallRules: [{07D0BD40-76AD-4580-B58A-F5585C21A0D9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{AEAC84BD-3050-45B6-9BF9-D67787E9FF1B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{CF157462-399D-42FF-A4B1-F98CC46BA0B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CFF3DCEE-E76E-410D-B805-F080717060B9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9C43968C-8FEC-4DE1-B05D-C44A8C8B59F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8B074F19-DADC-4812-A214-7684337F1BF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B4039192-1C42-4E95-85FC-DEFB3B0BC38B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E0459CCC-CD1D-483C-91FE-532C942F1576}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9E2CA7DA-4D3D-4FF8-88E8-68C4C5E1B25A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B9CBE0C7-E6BD-444C-B407-1FADC963C425}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0A8B4570-9A62-45F2-B4A8-7AC5EE432E6A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{16611A37-69CF-4E68-B0E8-BA8A7E2D8A06}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4120915F-64ED-4934-AAA6-7842FC4B90DF}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\RpcAgentSrv.exe
FirewallRules: [{B7DCECF6-EBEF-4489-80C1-B357ECCED2A2}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{676E3664-BB32-4E6E-BD9F-823FD23B052A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B1940DC-CF9E-4866-896F-33FF5BE2D932}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A733A13-D8F6-45A4-8093-49949DDD1835}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
StandardProfile\AuthorizedApplications: [C:\Users\Laptop 1\Desktop\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe

==================== Faulty Device Manager Devices =============

Name: Intel(R) Turbo Boost Technology Driver
Description: Intel(R) Turbo Boost Technology Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Impcd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 07:42:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/15/2015 06:17:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (05/15/2015 06:16:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/15/2015 06:16:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/15/2015 05:57:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/15/2015 05:57:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/15/2015 05:54:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (05/15/2015 05:49:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/15/2015 05:47:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (05/15/2015 04:17:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.


System errors:
=============
Error: (05/15/2015 07:49:41 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 07:49:23 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 06:13:12 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 06:05:37 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 06:05:36 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "X:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 05:51:43 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 05:51:42 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 05:51:14 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 05:51:13 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (05/15/2015 05:51:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (05/15/2015 07:42:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/15/2015 06:17:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000

Error: (05/15/2015 06:16:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Laptop 1\Desktop\esetsmartinstaller_deu.exe

Error: (05/15/2015 06:16:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Laptop 1\Desktop\esetsmartinstaller_deu.exe

Error: (05/15/2015 05:57:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Laptop 1\Desktop\esetsmartinstaller_deu.exe

Error: (05/15/2015 05:57:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Laptop 1\Desktop\esetsmartinstaller_deu.exe

Error: (05/15/2015 05:54:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000

Error: (05/15/2015 05:49:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Laptop 1\Desktop\esetsmartinstaller_deu.exe

Error: (05/15/2015 05:47:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000

Error: (05/15/2015 04:17:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: WorkflowServiceHost-Leistungsindikatoren für den Workflowdienst16000000008FFD00008FFD0000980B0000


CodeIntegrity Errors:
===================================
  Date: 2015-05-14 20:33:41.977
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-14 20:33:41.931
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 44%
Total physical RAM: 8124.35 MB
Available physical RAM: 4503.29 MB
Total Pagefile: 16246.91 MB
Available Pagefile: 11983.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Harddisk) (Fixed) (Total:465.66 GB) (Free:286.25 GB) NTFS
Drive e: (ext. HD D - 465GB) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS
Drive h: (ext. HD C - 465GB) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS
Drive i: (USB-Stick 1GB) (Removable) (Total:0.94 GB) (Free:0.64 GB) NTFS
Drive j: (USB-Stick 4 GB) (Removable) (Total:3.73 GB) (Free:3.65 GB) NTFS
Drive k: (USB-Stick 4 GB) (Removable) (Total:3.73 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 558EEE47)
Partition 1: (Active) - (Size=94 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EF84FF37)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 927ACEBF)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: AA733676)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 959.5 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=959 MB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.7 GB) (Disk ID: 5F2DC196)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka 15.05.2015 19:29
Hi,

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2867973987-743759374-2304721918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=b
SearchScopes: HKU\S-1-5-21-2867973987-743759374-2304721918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky
Task: {63D947D3-9969-4DDC-93FD-43667296B16F} - \Driver Booster SkipUAC (Laptop 1) No Task File
Task: {6640C8F3-7FA6-484C-A347-E6E2F888A40D} - \Driver Booster Update No Task File
Task: {6F6EBF85-1B15-42D7-AA7A-DFF506C5FE05} - System32\Tasks\{09743F53-7334-40CF-8B80-2789E155AFE3} => pcalua.exe -a "C:\Users\Laptop 1\Downloads\Adaware_Installer.exe" -d "C:\Users\Laptop 1\Downloads"
Task: {70A5C9DE-D96C-4DBC-B769-BB29D2D115B5} - \Driver Booster Scan No Task File
Task: {751B5137-9CEC-4818-ADBD-428A379E3B1D} - \SpyHunter4Startup No Task File
C:\Windows\Installer\MSIFB4A.tmp
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.

Code:
Java 8 Update 31 (64-bit)
Java 8 Update 31
Deinstallieren und bei Bedarf mit der aktuellen Version ersetzen.

Bitte überprüfen ob die Systemwiederherstellung wirklich deaktiviert ist. Falls nicht, besser aktivieren.

>>clean<<
Wir haben es geschafft! :abklatsch:
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)



http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.


http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.

Meine Kauf-Empfehlung:

http://deeprybka.trojaner-board.de/eset/ESS.png
ESET Smart Security

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131