Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Internet sehr langsam (https://www.trojaner-board.de/172796-windows-7-internet-sehr-langsam.html)

fibonacciii 06.11.2015 19:19
Windows 7: Internet sehr langsam
 
Liste der Anhänge anzeigen (Anzahl: 1)
Guten Abend,
bin durch google auf euch aufmerksam geworden. bitte um eure hilfe.
Seit kurzem ist mein internet sehr langsam obwohl mein router 12000 kbits anzeigt.
seitens telekom wurde kein fehler festgestellt der support MA hat mich auf malware hingewiesen.

Ich danke im voraus für eure hilfe.

schönes wochenende

schrauber 06.11.2015 19:25
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

fibonacciii 06.11.2015 19:44
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-06 19:13:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.51.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\MG55\AppData\Local\Temp\kwldypod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                              00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                              00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                              00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                          00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                          00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                    00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                              00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                  00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                              00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                          00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                          00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                            00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                              00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                            00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                            00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                              00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                        00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                              00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                        00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                              00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                  00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                            00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                              00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                                00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                              00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                            00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                        00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1712] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                        00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                  00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                    00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                  00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                  00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                    00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                              00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                    00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                              00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                    00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                        00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                  00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                    00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                      00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                    00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                  00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                              00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                              00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                      00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                        00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                      00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                      00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                        00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                  00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                        00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                  00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                        00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                            00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                      00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                        00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                          00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                        00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                      00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                  00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2384] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                  00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                          00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                            00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                          00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                          00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                              00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                      00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                              00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                      00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                            00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                  00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                          00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                            00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                            00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                          00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                      00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                      00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                              00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                              00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                              00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                          00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                          00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                    00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                              00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                  00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                              00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                          00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                          00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                                              00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                                                00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                                              00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                                              00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                                                00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                                          00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                                                00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                                          00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                                                00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                                    00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                                              00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                                                00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                                                  00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                                                00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                                              00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                                          00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\Steam.exe[4408] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                                          00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                        00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                          00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                        00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                        00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                          00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                    00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                          00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                    00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                          00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                              00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                        00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                          00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                            00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                          00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                        00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                    00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                    00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                          00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                            00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                          00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                          00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                              00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                      00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                              00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                      00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                            00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                  00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                          00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                            00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                            00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                          00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                      00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                      00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                      00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                        00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                      00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                      00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                          00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                  00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                          00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                  00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                        00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                              00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                      00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                        00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                            00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                        00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                      00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                  00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4500] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                  00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                  00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                    00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                            00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                    00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                            00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                  00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                        00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                  00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                      00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                  00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                            00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                            00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                          00000000752f1401 2 bytes JMP 762bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                            00000000752f1419 2 bytes JMP 762bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                          00000000752f1431 2 bytes JMP 76338fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                          00000000752f144a 2 bytes CALL 7629489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                            00000000752f14dd 2 bytes JMP 763388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                      00000000752f14f5 2 bytes JMP 76338aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                            00000000752f150d 2 bytes JMP 763387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                      00000000752f1525 2 bytes JMP 76338b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                            00000000752f153d 2 bytes JMP 762afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                00000000752f1555 2 bytes JMP 762b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                          00000000752f156d 2 bytes JMP 76339089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                            00000000752f1585 2 bytes JMP 76338bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                              00000000752f159d 2 bytes JMP 7633877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                            00000000752f15b5 2 bytes JMP 762afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                          00000000752f15cd 2 bytes JMP 762bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                      00000000752f16b2 2 bytes JMP 76338f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5580] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                      00000000752f16bd 2 bytes JMP 76338713 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Process  \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [3260] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-07-13 23:47:22)  00000000ff9c0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BITS@Start                                                                                                                                                                3
Reg      HKLM\SYSTEM\CurrentControlSet\services\BITS                                                                                                                                                                     

---- EOF - GMER 2.1 ----

fibonacciii 06.11.2015 19:46
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
durchgeführt von MG55 (Administrator) auf MG55-PC (06-11-2015 18:51:47)
Gestartet von C:\Users\MG55\Desktop
Geladene Profile: MG55 (Verfügbare Profile: MG55 & test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] ()
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-895534570-897174321-2689268582-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-02-12] (TomTom)
HKU\S-1-5-21-895534570-897174321-2689268582-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3011152 2015-11-05] (Valve Corporation)
HKU\S-1-5-21-895534570-897174321-2689268582-1000\...\Run: [Facebook Update] => C:\Users\MG55\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-12] (Facebook Inc.)
HKU\S-1-5-21-895534570-897174321-2689268582-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{9FB298C1-EA17-49D4-A37A-2B20531A91AA}: [NameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-895534570-897174321-2689268582-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-16] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-16] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\MG55\AppData\Roaming\Mozilla\Firefox\Profiles\aos6b753.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-04-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-895534570-897174321-2689268582-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\MG55\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-895534570-897174321-2689268582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MG55\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF Extension: Adblock Plus - C:\Users\MG55\AppData\Roaming\Mozilla\Firefox\Profiles\aos6b753.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240360 2015-09-21] (Avira Operations GmbH & Co. KG)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-08-27] (Portrait Displays, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-25] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20784 2012-04-16] (Portrait Displays, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]
U3 aswMBR; \??\C:\Users\MG55\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\MG55\AppData\Local\Temp\aswVmm.sys [X]
U3 kwldypod; \??\C:\Users\MG55\AppData\Local\Temp\kwldypod.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-06 18:51 - 2015-11-06 18:52 - 00017302 _____ C:\Users\MG55\Desktop\FRST.txt
2015-11-06 18:51 - 2015-11-06 18:51 - 00000000 ____D C:\FRST
2015-11-06 18:50 - 2015-11-06 18:50 - 00000470 _____ C:\Users\MG55\Desktop\defogger_disable.log
2015-11-06 18:50 - 2015-11-06 18:50 - 00000000 _____ C:\Users\MG55\defogger_reenable
2015-11-06 18:46 - 2015-11-06 18:47 - 02198528 _____ (Farbar) C:\Users\MG55\Desktop\FRST64.exe
2015-11-06 18:46 - 2015-11-06 18:46 - 00050477 _____ C:\Users\MG55\Desktop\Defogger.exe
2015-11-06 18:44 - 2015-11-06 18:44 - 00380416 _____ C:\Users\MG55\Desktop\Gmer-19357.exe
2015-11-06 18:32 - 2015-11-06 18:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-06 18:32 - 2015-11-06 18:32 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-11-06 18:32 - 2015-11-06 18:32 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-11-06 18:32 - 2015-11-06 18:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-06 18:32 - 2015-11-06 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-11-06 18:32 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-11-06 18:30 - 2015-11-06 18:30 - 00002399 _____ C:\Users\MG55\Desktop\aswMBR.txt
2015-11-06 18:30 - 2015-11-06 18:30 - 00000512 _____ C:\Users\MG55\Desktop\MBR.dat
2015-11-06 17:45 - 2015-11-06 17:46 - 00276280 _____ C:\Windows\Minidump\110615-26379-01.dmp
2015-11-06 17:25 - 2015-11-06 17:28 - 05198336 _____ (AVAST Software) C:\Users\MG55\Desktop\aswMBR.exe
2015-11-06 17:22 - 2015-11-06 17:22 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2015-11-06 17:22 - 2015-11-06 17:22 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2015-11-06 17:21 - 2015-11-06 17:21 - 00000000 ____D C:\Users\test\AppData\Local\GWX
2015-11-06 17:20 - 2015-11-06 17:21 - 00000000 ____D C:\Users\test\AppData\Local\Htc
2015-11-06 17:20 - 2015-11-06 17:20 - 00001385 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-06 17:20 - 2015-11-06 17:20 - 00000020 ___SH C:\Users\test\ntuser.ini
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Vorlagen
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Startmenü
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Netzwerkumgebung
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Lokale Einstellungen
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Eigene Dateien
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Druckumgebung
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Documents\Eigene Musik
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Documents\Eigene Bilder
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\AppData\Local\Verlauf
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\AppData\Local\Anwendungsdaten
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 _SHDL C:\Users\test\Anwendungsdaten
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Roaming\OEM
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Roaming\HTC
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Roaming\CyberLink
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Roaming\Apple Computer
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Local\MediaServer
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Local\clear.fi
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test\AppData\Local\Acer
2015-11-06 17:20 - 2015-11-06 17:20 - 00000000 ____D C:\Users\test
2015-11-06 17:20 - 2013-04-04 22:35 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2015-11-06 17:20 - 2012-11-12 17:36 - 00002124 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-11-06 17:20 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-06 17:20 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-06 17:18 - 2015-11-06 17:30 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\MG55\Downloads\spybot-2.4.exe
2015-11-06 16:49 - 2015-11-06 16:56 - 00000000 ____D C:\AdwCleaner
2015-11-06 16:41 - 2015-11-06 16:42 - 01713664 _____ C:\Users\MG55\Downloads\adwcleaner_5.018.exe
2015-11-06 16:07 - 2015-11-06 16:14 - 21650338 _____ C:\Users\MG55\Downloads\MAMPR214101L.rar
2015-11-06 15:53 - 2015-11-06 17:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-06 15:52 - 2015-11-06 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-06 15:52 - 2015-11-06 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-06 15:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-06 15:52 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-06 15:23 - 2015-11-06 15:23 - 01466656 _____ C:\Users\MG55\Downloads\HijackThis - CHIP-Installer.exe
2015-11-04 11:56 - 2015-11-05 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-29 15:03 - 2015-10-29 15:04 - 117766424 _____ (Apple Inc.) C:\Users\MG55\Downloads\iTunesSetup.exe
2015-10-29 14:57 - 2015-10-29 14:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-29 14:55 - 2015-10-29 14:55 - 00000000 ____D C:\Program Files\Bonjour
2015-10-29 14:55 - 2015-10-29 14:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-29 14:50 - 2015-10-29 14:53 - 167839512 _____ (Apple Inc.) C:\Users\MG55\Downloads\iTunes6464Setup(2).exe
2015-10-16 04:02 - 2015-10-16 04:02 - 00000000 ____D C:\Users\MG55\AppData\Roaming\Sun
2015-10-16 04:02 - 2015-10-16 04:02 - 00000000 ____D C:\Users\MG55\.oracle_jre_usage
2015-10-15 12:10 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 12:10 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 12:10 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 12:10 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 12:10 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 12:10 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 12:10 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 13:47 - 2015-09-18 20:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 13:47 - 2015-09-18 19:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 13:47 - 2015-09-16 05:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 13:47 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 13:47 - 2015-09-16 05:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:47 - 2015-09-16 05:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 13:47 - 2015-09-16 05:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 13:47 - 2015-09-16 05:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 13:47 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 13:47 - 2015-09-16 05:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:47 - 2015-09-16 05:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:47 - 2015-09-16 05:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 13:47 - 2015-09-16 05:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 13:47 - 2015-09-16 05:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 13:47 - 2015-09-16 05:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 13:47 - 2015-09-16 05:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 13:47 - 2015-09-16 05:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 13:47 - 2015-09-16 05:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 13:47 - 2015-09-16 05:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:47 - 2015-09-16 05:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:47 - 2015-09-16 04:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 13:47 - 2015-09-16 04:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 13:47 - 2015-09-16 04:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:47 - 2015-09-16 04:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 13:47 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 13:47 - 2015-09-16 04:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 13:47 - 2015-09-16 04:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 13:47 - 2015-09-16 04:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 13:47 - 2015-09-16 04:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 13:47 - 2015-09-16 04:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 13:47 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 13:47 - 2015-09-16 04:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 13:47 - 2015-09-16 04:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 13:47 - 2015-09-16 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 13:47 - 2015-09-16 04:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 13:47 - 2015-09-16 04:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 13:47 - 2015-09-16 04:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 13:47 - 2015-09-16 04:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:47 - 2015-09-16 04:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 13:47 - 2015-09-16 04:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 13:47 - 2015-09-16 04:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 13:47 - 2015-09-16 04:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 13:47 - 2015-09-16 04:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 13:47 - 2015-09-16 04:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 13:47 - 2015-09-16 04:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 13:47 - 2015-09-16 04:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 13:47 - 2015-09-16 04:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 13:47 - 2015-09-16 04:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 13:47 - 2015-09-16 04:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:47 - 2015-09-16 04:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 13:47 - 2015-09-16 04:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 13:47 - 2015-09-16 04:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 13:47 - 2015-09-16 04:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 13:47 - 2015-09-16 04:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 13:47 - 2015-09-16 03:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 13:47 - 2015-09-16 03:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 13:47 - 2015-09-16 03:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 13:47 - 2015-09-16 03:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 13:47 - 2015-09-16 03:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 13:47 - 2015-09-16 03:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 13:47 - 2015-09-16 03:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 13:47 - 2015-09-16 03:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 13:47 - 2015-09-16 03:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 13:47 - 2015-09-16 03:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 13:47 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 13:47 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:47 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 13:47 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 13:46 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 13:46 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 13:46 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:46 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:46 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 13:46 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 13:46 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:46 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 13:46 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 13:46 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:46 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 13:46 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 13:46 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 13:46 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 13:46 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 13:46 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 13:46 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 13:46 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 13:46 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 13:46 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 13:46 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 13:46 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 13:46 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 13:46 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 13:46 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 13:46 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 13:46 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 13:46 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 13:46 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 13:46 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 13:46 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 13:46 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 13:46 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 13:46 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 13:46 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 13:46 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 13:46 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 13:46 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 13:46 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 13:46 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 13:46 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 13:46 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:46 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:46 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 13:46 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 13:46 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 13:46 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 13:46 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 13:46 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 13:46 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 13:46 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 13:46 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:46 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 13:46 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:46 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 13:46 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 13:46 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 13:46 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 13:46 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 13:46 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 13:46 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 13:46 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 13:46 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 13:46 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 13:46 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 13:46 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 13:46 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 13:46 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 13:46 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 13:46 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 13:46 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 13:46 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:45 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-10 13:54 - 2015-10-10 13:54 - 00000000 ____D C:\Users\MG55\AppData\Roaming\EncryptStick

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-06 18:50 - 2012-07-04 11:35 - 00000000 ____D C:\Users\MG55
2015-11-06 18:40 - 2013-09-28 14:36 - 00011732 _____ C:\Users\MG55\Downloads\hijackthis.log
2015-11-06 18:16 - 2009-07-14 05:51 - 00342415 _____ C:\Windows\setupact.log
2015-11-06 18:15 - 2012-08-12 12:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-06 17:55 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-06 17:55 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-06 17:53 - 2012-03-03 07:05 - 00699884 _____ C:\Windows\system32\perfh007.dat
2015-11-06 17:53 - 2012-03-03 07:05 - 00149766 _____ C:\Windows\system32\perfc007.dat
2015-11-06 17:53 - 2009-07-14 06:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-06 17:50 - 2012-03-06 22:50 - 01187266 _____ C:\Windows\WindowsUpdate.log
2015-11-06 17:47 - 2012-07-04 11:51 - 00000000 ____D C:\ProgramData\clear.fi
2015-11-06 17:46 - 2013-04-04 22:38 - 00000000 ____D C:\Users\MG55\AppData\Local\Htc
2015-11-06 17:46 - 2012-07-21 15:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-06 17:45 - 2013-07-01 22:25 - 692627387 _____ C:\Windows\MEMORY.DMP
2015-11-06 17:45 - 2013-07-01 22:25 - 00000000 ____D C:\Windows\Minidump
2015-11-06 17:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-06 17:40 - 2012-11-12 17:35 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-895534570-897174321-2689268582-1000UA.job
2015-11-06 17:40 - 2012-11-12 17:35 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-895534570-897174321-2689268582-1000Core.job
2015-11-06 16:57 - 2010-11-21 04:47 - 00651580 _____ C:\Windows\PFRO.log
2015-11-06 16:28 - 2012-11-12 18:06 - 00000000 ____D C:\Windows\ru
2015-11-06 15:52 - 2013-09-28 15:18 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-06 15:52 - 2013-09-28 15:18 - 00000000 ____D C:\Users\MG55\AppData\Roaming\Malwarebytes
2015-11-06 15:52 - 2013-09-28 15:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-05 11:02 - 2012-07-04 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 12:02 - 2015-06-03 12:51 - 00000755 _____ C:\Windows\wininit.ini
2015-11-04 10:14 - 2012-07-04 12:50 - 00000000 ____D C:\Users\MG55\AppData\Roaming\Winamp
2015-11-03 01:08 - 2015-09-19 08:31 - 00001142 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-03 01:08 - 2015-07-23 15:41 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-03 01:08 - 2015-07-23 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-01 21:02 - 2015-07-01 01:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-01 21:02 - 2015-01-29 09:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-29 15:13 - 2013-04-09 22:55 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-29 15:13 - 2013-04-09 22:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-29 14:57 - 2013-04-09 22:54 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-17 12:15 - 2012-08-12 12:43 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 12:15 - 2012-08-12 12:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 12:15 - 2012-08-12 12:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 04:03 - 2014-11-08 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-16 04:03 - 2014-11-08 12:53 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-16 04:03 - 2013-11-13 07:58 - 00000000 ____D C:\ProgramData\Oracle
2015-10-16 04:02 - 2014-11-08 12:53 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-16 02:00 - 2014-12-11 22:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-16 02:00 - 2014-05-07 00:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 05:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 19:44 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 19:41 - 2012-07-07 10:45 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-10 14:25 - 2013-11-17 18:13 - 00000000 ____D C:\Users\MG55\Desktop\MEMO
2015-10-10 14:22 - 2012-07-04 12:27 - 00000000 ____D C:\Users\MG55\AppData\Roaming\DVDVideoSoft
2015-10-09 21:16 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-09 02:00 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-26 18:41 - 2014-06-22 17:10 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-04-24 12:01 - 2014-04-24 12:01 - 0000045 _____ () C:\Users\MG55\AppData\Roaming\WB.CFG
2014-11-01 11:15 - 2014-11-01 11:15 - 0004608 _____ () C:\Users\MG55\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-07 01:18 - 2012-09-07 01:18 - 0000000 _____ () C:\ProgramData\7s6pvL8Q.dat
2012-03-06 23:18 - 2012-03-06 23:19 - 0002640 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-07 01:17 - 2012-09-07 01:17 - 0000001 _____ () C:\ProgramData\Sqk3XAQA.exe.b
2012-09-07 01:17 - 2012-09-07 01:17 - 0000001 _____ () C:\ProgramData\Sqk3XAQA.exe_.b

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\7s6pvL8Q.dat


Einige Dateien in TEMP:
====================
C:\Users\MG55\AppData\Local\Temp\avgnt.exe
C:\Users\MG55\AppData\Local\Temp\avguidx.dll
C:\Users\MG55\AppData\Local\Temp\CommonInstaller.exe
C:\Users\MG55\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\MG55\AppData\Local\Temp\GUninstaller.exe
C:\Users\MG55\AppData\Local\Temp\iGearedHelper.dll
C:\Users\MG55\AppData\Local\Temp\installhelper.dll
C:\Users\MG55\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\MG55\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\MG55\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\MG55\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\MG55\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\MG55\AppData\Local\Temp\oi_{CB1185EE-7CD1-48E1-A5DF-73FE0C49A18F}.exe
C:\Users\MG55\AppData\Local\Temp\setup.exe
C:\Users\MG55\AppData\Local\Temp\sqlite3.dll
C:\Users\MG55\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\MG55\AppData\Local\Temp\tmd_34013590.exe
C:\Users\MG55\AppData\Local\Temp\tmd_34018441.exe
C:\Users\MG55\AppData\Local\Temp\tmd_34018595.exe
C:\Users\MG55\AppData\Local\Temp\tmd_34019076.exe
C:\Users\MG55\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\MG55\AppData\Local\Temp\uninst1.exe
C:\Users\MG55\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\MG55\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\MG55\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\MG55\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\MG55\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\MG55\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\MG55\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\test\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-31 01:42

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-11-2015
durchgeführt von MG55 (2015-11-06 18:52:19)
Gestartet von C:\Users\MG55\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-04 10:35:25)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-895534570-897174321-2689268582-500 - Administrator - Disabled)
Gast (S-1-5-21-895534570-897174321-2689268582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-895534570-897174321-2689268582-1002 - Limited - Enabled)
MG55 (S-1-5-21-895534570-897174321-2689268582-1000 - Administrator - Enabled) => C:\Users\MG55
test (S-1-5-21-895534570-897174321-2689268582-1003 - Limited - Enabled) => C:\Users\test

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{81D00339-968D-15D1-3499-8431658E896F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Argazki Galeria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}) (Version: 1.1.48.9049 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.48.9049 - Avira Operations GmbH & Co. KG) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2428.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2428.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free DVD Video Converter version 2.0.13.320 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.13.320 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.0.1.1001 - DVDVideoSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotogràfica (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.1.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{B78CFC07-B623-4995-ADCC-B2B4D59D083A}) (Version: 3.3.21 - HTC Corporation)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-895534570-897174321-2689268582-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pivot Pro Plugin (x32 Version: 9.50.110 - Portrait Displays, Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
SDK (x32 Version: 2.31.009 - Portrait Displays, Inc.) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartControl (HKLM-x32\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.20.024 - Portrait Displays, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.4 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-895534570-897174321-2689268582-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-895534570-897174321-2689268582-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 16.4.3505.0912 - Корпорация Майкрософт) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

27-10-2015 17:13:20 Windows Update
29-10-2015 14:57:53 Installed iTunes
29-10-2015 14:58:39 Removed Apple Application Support (32-Bit)
29-10-2015 15:09:27 Installed iTunes
30-10-2015 18:59:41 Windows Update
03-11-2015 10:46:30 Windows Update
06-11-2015 13:44:45 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03910B3A-DA3C-4275-A9BE-0B99FDF388C9} - System32\Tasks\{8EA204AA-0A61-4572-B524-F4067B8763F4} => C:\Program Files (x86)\Steam\Steam.exe [2015-11-05] (Valve Corporation)
Task: {0548B719-C48E-4AEE-8403-7501D1F7435B} - System32\Tasks\{C1AA731F-BA49-49EA-9DDE-F1A3D8C5731F} => C:\Program Files (x86)\Steam\Steam.exe [2015-11-05] (Valve Corporation)
Task: {2FEA17A9-478E-403A-BF58-E0C6AC903436} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-12-28] (CyberLink)
Task: {3402543B-4D38-4F82-BA05-1299C49B8753} - System32\Tasks\{A88AAC4E-73AD-4F6B-B2BF-0537843A2184} => C:\Program Files (x86)\Steam\Steam.exe [2015-11-05] (Valve Corporation)
Task: {71D499A4-E14F-450F-9033-321BCA1069D8} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {775051FD-383D-4522-BDE5-6B4F960B1675} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-12-28] (CyberLink Corp.)
Task: {82F29489-408C-4569-A8E0-150DF7495CD1} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-12-28] (Acer Incorporated)
Task: {880283B4-C36E-4BB5-864D-D2A4608858D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {88E4E26D-66F8-4DF7-8D82-33BCAC385165} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {9717A7EE-D492-434D-86CA-838C7AE26740} - System32\Tasks\{4C2189B6-AFFC-40AE-9A36-CAF9946F2BA0} => C:\Program Files (x86)\Steam\Steam.exe [2015-11-05] (Valve Corporation)
Task: {9DDF7804-0B62-4ADA-B852-7178C3A6956A} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {B3EED426-2453-4624-B88E-F180B1A7AF45} - System32\Tasks\{9C495181-A1DD-4A7E-A625-D9D5EE226DCE} => C:\Program Files (x86)\Steam\Steam.exe [2015-11-05] (Valve Corporation)
Task: {B6EB0004-9194-4558-8942-03EA5850038D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-895534570-897174321-2689268582-1000Core => C:\Users\MG55\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-12] (Facebook Inc.)
Task: {D0B89892-CF18-4F6F-93DA-E1975B905CFF} - System32\Tasks\{ABC120B4-9A07-41C8-9D7D-2995BCEC240E} => C:\Program Files (x86)\Steam\Steam.exe [2015-11-05] (Valve Corporation)
Task: {D79D4D56-AE73-4B24-B8A7-05795B2D3A0C} - System32\Tasks\{2416A44C-B97A-4D38-ADB3-60F110CE3595} => C:\Program Files (x86)\Steam\Steam.exe [2015-11-05] (Valve Corporation)
Task: {DFECE80C-4D5D-49F8-83B3-B1D523FCFFFF} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {E13742F3-E277-4C03-B917-7B53E488F3CA} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12] ()
Task: {E9FD5BFF-B3B1-48A6-A537-C1A5A30E9404} - System32\Tasks\{60E196B9-7721-4E26-8DA4-86899B6696DE} => pcalua.exe -a C:\Users\MG55\Desktop\CanonDrucker1.10.exe -d C:\Users\MG55\Desktop
Task: {F0B0F3BE-8DD0-44B1-B4E7-64B0E851C15F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-895534570-897174321-2689268582-1000UA => C:\Users\MG55\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-12] (Facebook Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-895534570-897174321-2689268582-1000Core.job => C:\Users\MG55\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-895534570-897174321-2689268582-1000UA.job => C:\Users\MG55\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-04-04 22:36 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2009-01-22 00:45 - 2009-01-22 00:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-08-11 04:58 - 2011-08-11 04:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2012-12-12 13:56 - 2012-12-12 13:56 - 00655360 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-29 10:23 - 2011-12-29 10:23 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-03-12 17:10 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-21 15:38 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-21 15:38 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-21 15:38 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 08:43 - 2015-11-05 17:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-15 19:05 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-15 19:05 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-15 19:05 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-15 19:05 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-15 19:05 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-07-21 15:09 - 2015-11-05 17:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-24 11:36 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2012-03-06 23:18 - 2011-12-28 03:47 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-08-11 04:57 - 2011-08-11 04:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 00028672 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-12-12 13:56 - 2012-12-12 13:56 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2012-07-21 15:09 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-16 14:14 - 2014-10-16 14:14 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-03-06 22:58 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-11-06 18:32 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-11-06 18:32 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-11-06 18:32 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-11-06 18:32 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-895534570-897174321-2689268582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MG55\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: DT PLP => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PivotSoftware => "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{94CAA6C1-26FB-49C6-9FA9-EC7A3DD271E5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4839D2F9-7DFE-4468-9715-FB736666D338}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A3B17A4A-C493-4807-9243-386204D15A8C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{84ADCB76-FF0A-412C-89E7-626DDAF436BB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{ED41EE5D-875C-4029-AEA4-DD692B0027F9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{DAC7E72E-B438-412E-AE53-583DBC37517C}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{17B7102C-AC28-4957-BCBD-9E1A55B453E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{4A6383BA-5A5A-46A0-A9F3-AB631DFBEA60}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{5B30129A-5254-4A2A-8A79-6FB49185B4F3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C801D572-3FEF-4120-B6F3-6AFA528D272C}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{50DBB083-5A52-4728-B7FF-8602968894F4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{A4F23F32-64DA-46BA-A12C-582636B9A241}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{2C590661-D9DA-46D1-B4E5-8DB80E41CF13}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63D2925D-CBA8-4757-9E44-E68642C838DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{30E9CD21-BFF9-4249-85DA-FD6DD7C42128}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\m_g_55\day of defeat source\hl2.exe
FirewallRules: [{4DCAF785-9850-4F6B-BDD8-CB87A0924D94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\m_g_55\day of defeat source\hl2.exe
FirewallRules: [{0E8B0F28-FFBD-41B8-AA35-3A8D2E4AB164}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{29E40486-1BCE-4170-8F47-BCD1B200390F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{8E3D1365-D142-4745-BB5C-BC5BFCEA9CE7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{DC8FAF52-F03C-42C4-8A38-C37F8300FF53}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{5273A3C0-F03E-4DEA-9F44-DAB02C6B13B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\m_g_55\counter-strike source\hl2.exe
FirewallRules: [{CD51F625-0DCC-4841-AD42-94E83DE24B4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\m_g_55\counter-strike source\hl2.exe
FirewallRules: [{42C8C326-46CD-4CF7-8152-C3BDE4FF707C}] => (Allow) C:\Users\MG55\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D8DD8262-AD68-4A2C-A047-D76F86966EA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B91B31E3-5EC8-4974-B735-F7DE148F5F3E}] => (Allow) LPort=2869
FirewallRules: [{7D0A12BA-6EB1-430A-8529-B24FD3837CA7}] => (Allow) LPort=1900
FirewallRules: [{D00B2DD7-BD0B-44C7-B41B-8E366CFBEDA0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D9B26735-0E8E-4CF2-A5B6-D2A981CF2C9A}] => (Allow) C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
FirewallRules: [{E5D31366-A6EE-4A39-8C55-208E8E7A0120}] => (Allow) C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
FirewallRules: [{88061647-F6CE-45FF-B508-5914D6E963C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DDC2110E-899C-4545-B4EC-D9B449E4EA27}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{21F70B0B-FA42-4EC0-B603-1B07AF7DFDDF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0619087C-4540-4C35-A773-CC8825FF96FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{FD84EA2F-728B-4ECB-BE2E-4F4B05CD4D52}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{C6C8BE62-FD4C-494C-AC16-46ACB67CEDF9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F7244638-8C93-4D3B-8D84-5C618BBA43CC}] => (Allow) C:\Users\MG55\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{6FAD0B55-A24D-4B89-8AE8-2AE7077FF503}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EEB959BD-BEDE-4EC8-86E3-152B6A15DF07}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{311528F5-663E-4578-9980-FD5B833CB190}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{805C1233-7F8A-461C-9F68-06BA0095ADD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{19827239-33A3-4682-850E-DCF3516376F7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B5ADC0CA-0985-4020-AD0F-A813911B3696}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{115EDFF0-0E6F-4E3D-83F6-49A55E266CAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{559B9282-8E0E-4EC1-9A80-5B6C9EE31DB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{078D887F-F2F9-4269-BC73-6504FA70BED4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D14A6C63-4B7D-4021-82CA-68324B106FE1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F3D7B60B-75B7-4F71-A0A3-9844619E2D79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42C41864-D2DF-4146-BB6E-1F09CAA91AB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E0995F5-BD56-44CB-8D68-FEB141472D58}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{ADFA14AF-BBD5-428B-BC92-9076C997BB02}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{2EF5B0D1-6868-4304-A7B7-502C478869CC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{4E145192-A5C0-477F-8071-224F124FE79D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{0545AF39-6576-4534-8BA6-066D407A7039}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/06/2015 05:46:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 04:59:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 04:29:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 03:37:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 02:40:05 PM) (Source: Google Update) (EventID: 20) (User: MG55-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (11/06/2015 02:20:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1928
Startzeit der fehlerhaften Anwendung: 0xhl2.exe0
Pfad der fehlerhaften Anwendung: hl2.exe1
Pfad des fehlerhaften Moduls: hl2.exe2
Berichtskennung: hl2.exe3

Error: (11/05/2015 08:59:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1128
Startzeit der fehlerhaften Anwendung: 0xhl2.exe0
Pfad der fehlerhaften Anwendung: hl2.exe1
Pfad des fehlerhaften Moduls: hl2.exe2
Berichtskennung: hl2.exe3

Error: (11/05/2015 11:08:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Name des fehlerhaften Moduls: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0x1424
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (11/05/2015 11:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 09:55:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (11/06/2015 05:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/06/2015 05:46:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device Service erreicht.

Error: (11/06/2015 05:46:01 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000101 (0x0000000000000031, 0x0000000000000000, 0xfffff880009f3180, 0x0000000000000001)C:\Windows\MEMORY.DMP110615-26379-01

Error: (11/06/2015 05:45:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎11.‎2015 um 17:43:18 unerwartet heruntergefahren.

Error: (11/06/2015 05:05:40 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (11/06/2015 04:58:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (11/06/2015 04:58:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/06/2015 04:58:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device Service erreicht.

Error: (11/06/2015 04:57:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (11/06/2015 04:57:16 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


CodeIntegrity:
===================================
  Date: 2015-04-30 23:51:42.012
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-30 23:51:41.972
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 8172.26 MB
Verfügbarer physikalischer RAM: 4978.04 MB
Summe virtueller Speicher: 16342.72 MB
Verfügbarer virtueller Speicher: 12173.75 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:455.95 GB) (Free:215 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.46 GB) (Free:456.32 GB) NTFS
Drive f: () (Fixed) (Total:97.65 GB) (Free:25.27 GB) NTFS
Drive g: (Daten) (Fixed) (Total:135.22 GB) (Free:90.7 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 51658392)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 16701670)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

fibonacciii 07.11.2015 15:38
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:28, on 06.11.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Users\MG55\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\MG55\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB298C1-EA17-49D4-A37A-2B20531A91AA}: NameServer = 192.168.2.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Druckwarteschlange (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11730 bytes
ich komm einfach nicht weiter.

schrauber 08.11.2015 06:55
hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131