Trojaner-Board
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Vermutung an Trojaner oder Virus (https://www.trojaner-board.de/175768-vermutung-trojaner-virus.html)

Speed9001 07.02.2016 12:24
Vermutung an Trojaner oder Virus
 
Ich vermute das ich mir wohl einen Trojaner oder Virus gedownloadet habe. Ich habe schon sämtliche Virenprogramme durchlaufen lassen aber die finden einfach nichts, oder anders formuliert findet schon was aber kann es nicht erntfernen. Bitte dringend um Hilfe

cosinus 07.02.2016 13:15
Und warum vermutest du das, wo doch keine Schädlinge gefunden wurden?

Speed9001 07.02.2016 13:21
Weil wenn ich im Browser bin öffnen sich dich ganze Zeit neue Tabs oder Werbungen, mein Pc braucht länger zum starten

cosinus 07.02.2016 13:27
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Speed9001 07.02.2016 13:34
Soll ich jetzt hier die Logs von den Viren Programmen posten? oder soll ich nur FRST log posten

cosinus 07.02.2016 13:46
Steht doch da: Falls du irgendwelche Virenfunde hattest, die Logs dazu posten. Aber auf jeden Fall die FRST Logs. Und alles in CODE-Tags.

Speed9001 07.02.2016 13:49
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 07.02.2016
Suchlaufzeit: 08:38:38
Protokolldatei:
Administrator: Ja

Version: 2.02.0.1024
Malware-Datenbank: v2016.02.07.01
Rootkit-Datenbank: v2016.01.20.01
Lizenz: Premium-Version
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Dom

Suchlauftyp: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 719000
Abgelaufene Zeit: 2 Std., 6 Min., 25 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\dwm.exe, 3264, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 52
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}, In Quarantäne, [efee8cd13a5f6ccaece38be27d85c23e],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}, In Quarantäne, [efee8cd13a5f6ccaece38be27d85c23e],
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}, In Quarantäne, [efee8cd13a5f6ccaece38be27d85c23e],
PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, In Quarantäne, [9c41312c70290f27544c0d6091715ea2],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, In Quarantäne, [9c41312c70290f27544c0d6091715ea2],
PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, In Quarantäne, [9c41312c70290f27544c0d6091715ea2],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LABTECH.EXE, In Quarantäne, [5786e8759009310529cd13bed130f709],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LABTECH.EXE, In Quarantäne, [5786e8759009310529cd13bed130f709],
PUP.Optional.BrowserAir, HKLM\SOFTWARE\BrowserAir, In Quarantäne, [4598421b47521f17958e8070b151619f],
PUP.Optional.DownChecker, HKLM\SOFTWARE\downchecker, In Quarantäne, [22bba1bc7f1a46f0ffc98e620bf7669a],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR  , In Quarantäne, [d4091845b2e7241231f1a35c1ce730d0],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bvxvbxxvaa, Löschen bei Neustart, [b32a5eff4059d363d4671e24a85c8a76],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd, Löschen bei Neustart, [5e7f6fee158403334344e6268b790bf5],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd2, Löschen bei Neustart, [b52860fddfba9a9cd2e073d7d0341ae6],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, In Quarantäne, [48953e1fb4e514222c8f55b70400936d],
PUP.Optional.DownChecker, HKLM\SOFTWARE\WOW6432NODE\downchecker, In Quarantäne, [7d606af373269f975f694ba5db2723dd],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\ihpmserver, In Quarantäne, [6578174607920f2716827b92010337c9],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtLabtech, In Quarantäne, [5e7f401d7b1edb5b7db03b15679da15f],
PUP.Optional.MBot, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [e3fab7a6b4e5fa3c02dff7ed4fb406fa],
PUP.Optional.MySites123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mysites123Software, In Quarantäne, [33aa15487623c57177ef53998a78c33d],
PUP.Optional.OneSoftPerDay, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, In Quarantäne, [c914c69704956fc753e728c456ad21df],
PUP.Optional.SpaceSoundPro, HKLM\SOFTWARE\WOW6432NODE\SpaceSondPro, In Quarantäne, [8a5376e77227b0868fd630c9b84b936d],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, In Quarantäne, [33aaec7156431f179b18d6e9e3204ab6],
PUP.Optional.DeskBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\DeskBar_RASAPI32, In Quarantäne, [e3fadd80eaaff93db19e35d8a26254ac],
PUP.Optional.DeskBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\DeskBar_RASMANCS, In Quarantäne, [11cc2d30aeeb3cfac6890d00e81c41bf],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Labtech.exe, In Quarantäne, [12cb45189603c07667c5e86872924fb1],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, In Quarantäne, [2cb1d18c0594a294cbf0a06c9b698779],
PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, In Quarantäne, [c11cb0ad97026bcb91e8aa93996bd22e],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD, In Quarantäne, [4e8f5ffec7d2092db8fa6b84748e0af6],
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ihpmServer, In Quarantäne, [03da9fbe8f0ab2844b85e90459a98d73],
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge, In Quarantäne, [1ac39ac3cecba195d64b27cbbe458f71],
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ROWUGOQO, In Quarantäne, [84596bf2613868ce5c732fbab44fa25e],
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WUCOTUSY, In Quarantäne, [b22b1f3e3960eb4b05ca0ddc778c40c0],
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZUTUZUNI, In Quarantäne, [914cb2abeeab290da42be50456ada759],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, In Quarantäne, [18c52f2e287164d25f190cdfff03a759],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{69684E3C-8CE0-46C2-B6ED-FAE033B0FCBD}, In Quarantäne, [d409e27b54450432e2ca467c679cb54b],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{CEFCE10C-2F90-41CB-B072-3CDB8C15F670}, In Quarantäne, [8d5080dd5e3b86b066467a4821e21de3],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{69684E3C-8CE0-46C2-B6ED-FAE033B0FCBD}, In Quarantäne, [15c80b520e8b2115e2ca289aaa590bf5],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{CEFCE10C-2F90-41CB-B072-3CDB8C15F670}, In Quarantäne, [dc0149148f0af93d2884d0f2798a42be],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{69684E3C-8CE0-46C2-B6ED-FAE033B0FCBD}, In Quarantäne, [9d40213c1e7bea4c9814348e5ca735cb],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{CEFCE10C-2F90-41CB-B072-3CDB8C15F670}, In Quarantäne, [bf1ea4b99009af875656dae8f70cc739],
PUP.Optional.BrowserAir, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\BrowserAir, In Quarantäne, [15c879e4267387af6947f04a000429d7],
PUP.Optional.TrailerTime, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\APPDATALOW\SOFTWARE\TrailerTime, In Quarantäne, [d4090657bedb1c1abade0d3e59abb44c],
PUP.Optional.Komodia, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\INSTALLPATH\STATUS, In Quarantäne, [a23b3924871277bf853fa4a5cd37ba46],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, In Quarantäne, [c91491ccd9c0989e3032ce2333cfa35d],
PUP.Optional.BrowserAir, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserAir, In Quarantäne, [a03d9dc0ebae3bfbc871420a3bc958a8],
PUP.Optional.DeskCut, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [ae2f93ca3b5e9b9bb3fd4292cc37e11f],
PUP.Optional.OutBrowse, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\OB, In Quarantäne, [00dd4f0e0f8ace68c202cd1f7e85bf41],
PUP.Optional.Tuto4PC, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\TUTORIALS\updatetutorialeshp, In Quarantäne, [15c8e17c0099e254a8d846b9e023e020],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\{69684E3C-8CE0-46C2-B6ED-FAE033B0FCBD}, In Quarantäne, [bc2119440891979fecc021a154af8e72],
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\{CEFCE10C-2F90-41CB-B072-3CDB8C15F670}, In Quarantäne, [ae2f0c51ecadc274adff1ba7897a60a0],
PUP.Optional.BrowserAir, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserAir, In Quarantäne, [d20b302de2b72a0ca4cf8b2f679b08f8],

Registrierungswerte: 38
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr  |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130992196231709222, In Quarantäne, [d4091845b2e7241231f1a35c1ce730d0]
PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}, C:\Program Files\groover060220160459\Firefox\{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}.xpi, In Quarantäne, [b5282e2f1c7d1422d6da5969b251a759]
PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{723310B3-68BE-4539-8549-4481B2F8A0B8}, C:\Program Files\groover060220160748\Firefox\{723310B3-68BE-4539-8549-4481B2F8A0B8}.xpi, In Quarantäne, [32abc7965e3b62d400b03b8734cff60a]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, In Quarantäne, [33aaec7156431f179b18d6e9e3204ab6]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, In Quarantäne, [01dc3e1f8415bb7ba90b3b84ff04a957]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, In Quarantäne, [5885fd601f7a1a1c169f358a7c870af6]
PUP.Optional.OneSoftPerDay, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_013010228, "C:\Program Files (x86)\ospd_us_013010228\ospd_us_013010228.exe", In Quarantäne, [4f8e19449702e155b3844d9fb44f56aa]
PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}, C:\Program Files\groover060220160459\Firefox\{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}.xpi, In Quarantäne, [904db5a8415864d2b7f9784a44bfed13]
PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{723310B3-68BE-4539-8549-4481B2F8A0B8}, C:\Program Files\groover060220160748\Firefox\{723310B3-68BE-4539-8549-4481B2F8A0B8}.xpi, In Quarantäne, [8459e875f2a71a1c30802f93be455ea2]
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD|dir, C:\Program Files (x86)\RayDld, In Quarantäne, [4e8f5ffec7d2092db8fa6b84748e0af6]
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rowugoqo|ImagePath, C:\Users\Dom\AppData\Local\03000200-1454749379-0500-0006-000700080009\snsuCD90.tmp, In Quarantäne, [84596bf2613868ce5c732fbab44fa25e]
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wucotusy|ImagePath, C:\Program Files (x86)\03000200-1454745702-0500-0006-000700080009\hnseEC66.tmp, In Quarantäne, [b22b1f3e3960eb4b05ca0ddc778c40c0]
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zutuzuni|ImagePath, C:\Program Files (x86)\03000200-1454745702-0500-0006-000700080009\jnsuC610.tmp, In Quarantäne, [914cb2abeeab290da42be50456ada759]
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{3652284C-5E66-4E1A-871A-9750BA314027}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe|, In Quarantäne, [ba234716a0f95fd7bec4e15a3aca8878]
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E7A3D930-C326-466D-93DD-0162A1BD6571}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe|, In Quarantäne, [c21b1944c7d2d0660a7855e6a85cf40c]
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{86422A76-AC0B-4164-AD10-D2767106B329}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe|, In Quarantäne, [b726b3aa6b2e42f4582a62d958ac3fc1]
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{47446EC6-C8F2-468D-A350-F01EFA7E21E1}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe|, In Quarantäne, [7e5fbba22772a98dc0c268d339cbf907]
PUP.Optional.MaxDriverUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{878ACE18-A2F7-4F66-A3A3-B47D679133CF}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Max Driver Updater\maxdu.exe|Name=MaxDriverUpdater|, In Quarantäne, [84594d10d3c67abc066bcc726a9acc34]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{69684E3C-8CE0-46C2-b6ED-FAE033B0FCBD}|Name, C:\Program Files\groover060220160748\Niohp.exe, In Quarantäne, [d409e27b54450432e2ca467c679cb54b]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{CEFCE10C-2F90-41CB-b072-3CDB8C15F670}|Name, C:\Program Files\groover060220160459\Catpaul.exe, In Quarantäne, [8d5080dd5e3b86b066467a4821e21de3]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{69684E3C-8CE0-46C2-b6ED-FAE033B0FCBD}|Name, C:\Program Files\groover060220160748\Niohp.exe, In Quarantäne, [15c80b520e8b2115e2ca289aaa590bf5]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{CEFCE10C-2F90-41CB-b072-3CDB8C15F670}|Name, C:\Program Files\groover060220160459\Catpaul.exe, In Quarantäne, [dc0149148f0af93d2884d0f2798a42be]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{69684E3C-8CE0-46C2-b6ED-FAE033B0FCBD}|Name, C:\Program Files\groover060220160748\Niohp.exe, In Quarantäne, [9d40213c1e7bea4c9814348e5ca735cb]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{CEFCE10C-2F90-41CB-b072-3CDB8C15F670}|Name, C:\Program Files\groover060220160459\Catpaul.exe, In Quarantäne, [bf1ea4b99009af875656dae8f70cc739]
PUP.Optional.Linkury, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\ENVIRONMENT|SNF, C:\ProgramData\Labtechs\snp.sc, In Quarantäne, [6b72114c3663ef47d07ae5fede25cb35]
PUP.Optional.Linkury, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\ENVIRONMENT|SNP, hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFAM&co=DE&userid=2ef6e4b4-bc45-f7d3-9fea-e14931b1077e&searchtype=sc&installDate=06.02.2016&barcodeid=51126003&channelid=3&av=avira, In Quarantäne, [736a71ec3366c670f95292516c9753ad]
PUP.Optional.Komodia, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\INSTALLPATH\STATUS|FlowsurfCB, P, In Quarantäne, [a23b3924871277bf853fa4a5cd37ba46]
PUP.Optional.DeskBar, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DeskBar.exe, 8888, In Quarantäne, [4796233a267368ce37f5bb8cbe4609f7]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, In Quarantäne, [c91491ccd9c0989e3032ce2333cfa35d]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, In Quarantäne, [8d5025389aff1d194b662996db2851af]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, In Quarantäne, [6d70a0bdfe9bd066a60cb70807fc5aa6]
PUP.Optional.DeskCut, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MOZILLA\EXTENDS|appid, deskCutv2@gmail.com, In Quarantäne, [ae2f93ca3b5e9b9bb3fd4292cc37e11f]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\OB|monitype1, 2/6/16 9:0:32, In Quarantäne, [00dd4f0e0f8ace68c202cd1f7e85bf41]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\OB|monitype2, 2/6/16 9:0:32, In Quarantäne, [6f6e56078b0e023423a1608ce51eb24e]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\OB|monitype6, 2/6/16 9:5:3, In Quarantäne, [fae371ecadec63d3edd722ca38cb57a9]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\OB|monitype15, 2/6/16 9:7:22, In Quarantäne, [f5e83b221a7f979fc400bf2d47bc5fa1]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\{69684E3C-8CE0-46C2-b6ED-FAE033B0FCBD}|Name, C:\Program Files\groover060220160748\Niohp.exe, In Quarantäne, [bc2119440891979fecc021a154af8e72]
PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\{CEFCE10C-2F90-41CB-b072-3CDB8C15F670}|Name, C:\Program Files\groover060220160459\Catpaul.exe, In Quarantäne, [ae2f0c51ecadc274adff1ba7897a60a0]

Registrierungsdaten: 12
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[f4e94b12f1a8d1653dae20b7b94b4bb5]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}),Ersetzt,[06d77ae39108fb3b4b9a2cab6f951ee2]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}),Ersetzt,[1bc2f96410891422fbea05d2669e46ba]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}),Ersetzt,[d904421b990076c0f4f18255c143e719]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHPjjgDVuEYkO0QwfNRcg9t9R_r7QSPrcYrbIoE8jRnjA6ws4b-w8U2N6G7Esn7Tu3eIhcPrjJ2bwMfRa1AtcsnqAOZh1LFW9w_ZtJNYlzhZ1UGHGLJWZiC_cvdZaWRIi4mITfpDtJCu8Gm1xYYF1CboEDnWYeHVjdBg847-6zllEa&q={searchTerms}),Ersetzt,[19c495c819803402d6118354ef1542be]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1235700998-711781633-2637323769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[924b61fc099048eece1af0e72bd903fd]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2A0CA051-E15A-4939-8D32-89D1DD26A106}|NameServer, 104.197.191.4, Gut: (), Schlecht: (104.197.191.4),Ersetzt,[12cbe6776138cc6a123bc11be222d52b]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3E2E42D7-2E89-460C-B08E-350755D98225}|NameServer, 104.197.191.4, Gut: (), Schlecht: (104.197.191.4),Ersetzt,[dd002637cfcab87ec28b8f4dd62e0af6]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}|NameServer, 104.197.191.4, Gut: (), Schlecht: (104.197.191.4),Ersetzt,[fedf1449aeebe74f2825ce0e7f854eb2]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{98BE0671-7976-4BAF-8258-EFCCADA692A5}|NameServer, 104.197.191.4, Gut: (), Schlecht: (104.197.191.4),Ersetzt,[3da09dc04257a98d76d703d9ee16bc44]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F95E4EC2-A13B-4F79-B08D-35254E8D4413}|NameServer, 104.197.191.4, Gut: (), Schlecht: (104.197.191.4),Ersetzt,[ce0fbba2871252e4440925b7eb190ff1]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{FDD3E933-4486-4DB4-AB7E-B2FD291C8D90}|NameServer, 104.197.191.4, Gut: (), Schlecht: (104.197.191.4),Ersetzt,[805d104d831692a4222b726a0ff5ed13]

Ordner: 17
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\03000200-1454749379-0500-0006-000700080009, In Quarantäne, [c61796c7e7b21224ef32626d3fc48e72],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge, In Quarantäne, [cf0e0e4f1c7d58de9ab14a5fbe44e11f],
PUP.Optional.BrowserAir, C:\Users\Dom\AppData\Local\BrowserAir, In Quarantäne, [d20b302de2b72a0ca4cf8b2f679b08f8],
PUP.Optional.BrowserAir, C:\Users\Dom\AppData\Local\BrowserAir\47.0.0.4, In Quarantäne, [d20b302de2b72a0ca4cf8b2f679b08f8],
PUP.Optional.BrowserAir, C:\Users\Dom\AppData\Local\BrowserAir\Application, In Quarantäne, [d20b302de2b72a0ca4cf8b2f679b08f8],
PUP.Optional.MaxDriverUpdater, C:\Users\Dom\AppData\Local\Temp\MAXDriverUpdater, In Quarantäne, [a538530a08913105d97e408e5ea4db25],
PUP.Optional.MBot, C:\Users\Dom\AppData\Local\mbot_de_014010228, In Quarantäne, [439ab1ac514893a3bb9e507ea161ad53],
PUP.Optional.MBot, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY, In Quarantäne, [a736afae1b7eb086afac8846f210ae52],
PUP.Optional.OneSoftPerDay, C:\Users\Dom\AppData\Local\ospd_us_013010228, In Quarantäne, [ab32a2bb2d6c092d14b3eee44ab8e41c],
PUP.Optional.OneSoftPerDay, C:\Users\Dom\AppData\Local\ospd_us_013010228\Download, In Quarantäne, [ab32a2bb2d6c092d14b3eee44ab8e41c],
PUP.Optional.OneSoftPerDay, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, In Quarantäne, [16c775e885145adcc108a42ec53dfb05],
PUP.Optional.VBates, C:\Users\Dom\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, In Quarantäne, [706d66f78d0c74c22633e6fbf70b827e],
PUP.Optional.VBates, C:\Users\Dom\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, In Quarantäne, [706d66f78d0c74c22633e6fbf70b827e],
PUP.Optional.VBates, C:\Users\Dom\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, In Quarantäne, [706d66f78d0c74c22633e6fbf70b827e],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\Dom\AppData\Local\bvxvbxxvaa, In Quarantäne, [904dd885c2d77db9ad4f05df5aa8c23e],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting, In Quarantäne, [f3ea6cf18f0a46f04f4be50055ad0ff1],

Dateien: 100
PUP.Optional.Cherimoya, C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys, Löschen bei Neustart, [2fed22167820da74dd6ffd68f375166b],
Trojan.FilePatch.DNSApi, C:\Windows\System32\dnsapi.dll, Ersetzen bei Neustart, [6302a732e50d4e55c861c731404eb823],
Trojan.FilePatch.DNSApi, C:\Windows\SysWOW64\dnsapi.dll, Ersetzen bei Neustart, [259986ab2a2dac5f0f5a8a9abada0bdc],
CrackTool.Agent, C:\Program Files (x86)\AE CS6 Free Release\App\Ae\Support Files\amtlib.dll, In Quarantäne, [508d56076b2e49ed177fa69fb44ed42c],
PUP.Optional.APNToolBar, C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe, In Quarantäne, [7568f8657722300656aa85b03bc65da3],
PUP.Optional.Linkury, C:\ProgramData\Labtech\Kinotcof.exe, In Quarantäne, [d607ee6f673260d6315ea0376e93cc34],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Labtech\Labtech.exe, In Quarantäne, [5786e8759009310529cd13bed130f709],
PUP.Optional.Linkury, C:\ProgramData\Labtech\Tonfax.exe, In Quarantäne, [8855d28b1b7ed165f0a109ce24ddc739],
Adware.EoRezo, C:\Users\Dom\AppData\Local\mbot_de_014010228\upmbot_de_014010228.exe, In Quarantäne, [8f4e08554059dd59aea8edda13ee3ec2],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\2MZoQC[1], In Quarantäne, [d10c530a8c0d70c6cecc0e5c4cb62cd4],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\dl[1].htm, In Quarantäne, [bb22075602979d9932fb083809f932ce],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\tiwr[1].exe, In Quarantäne, [6c71b9a44a4f7fb78415b5b5ef1328d8],
PUP.Optional.SoundPlus, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\maxdriverupdater-installer[1].exe, In Quarantäne, [b52897c631689f97ec3d6b7ca75ad32d],
Adware.EoRezo, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\setup_ospd_us[1].exe, In Quarantäne, [c01dc796772276c03ddf418db05142be],
PUP.Optional.Amonetize, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\install[1].exe, In Quarantäne, [cc11203d6c2d0d29400d63750cf53cc4],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\VOPackage[1].exe, In Quarantäne, [e1fcdb823465c76f6298e207966b12ee],
PUP.Optional.PCSpeedUp, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LQA503O\pcspeedup[1].exe, In Quarantäne, [0fceeb72a3f61e18fad241f888790af6],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\4efece5b5586ee29871717baacdf4c7b[1].exe, In Quarantäne, [d30a6bf29900a591be086bffaa58c739],
PUP.Optional.Conduit, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\OrbiterInstaller[1].exe, In Quarantäne, [e8f5510c31685cda21cd08c280806d93],
Adware.EoRezo, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\setup_gmsd_de[1].exe, In Quarantäne, [54892b327b1e75c19587eee08d74a45c],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\Setup[1].exe, In Quarantäne, [0ad3035a2178bf7793da268de41d2ed2],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\SFSetup[1].exe, In Quarantäne, [aa330c515f3a9a9c18322e3932d0f808],
PUP.Optional.Amonetize, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\Bundle_FlowsurfCB[1].exe, In Quarantäne, [2cb1560791080d290d203412fa07cc34],
Adware.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\v8e19A[1].exe, In Quarantäne, [06d70756d8c1bf7748c212b740c441bf],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYQ2FJH\vDzANM[1].exe, In Quarantäne, [dc012d306633ef47f80d5c061de5fb05],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZP93A3F\fswr[1].exe, In Quarantäne, [a934b8a5d8c176c08c3c5f0b9072c63a],
PUP.Optional.MorePowerfulCleaner, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZP93A3F\MPC_3.2.9127.0113[1].exe, In Quarantäne, [0fce47168f0adf57849747980ef30cf4],
Adware.Imali, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZP93A3F\SilentInstaller_dotnet4[1].exe, In Quarantäne, [29b4a0bdfc9d3afcf10c4017748c956b],
Adware.MaxDriver, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZP93A3F\SpaceSondPro[1].exe, In Quarantäne, [d30a1f3ef3a69c9acd7b46879371c13f],
PUP.Optional.OutBrowse, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZP93A3F\SPGeneric_2711[1].exe, In Quarantäne, [c81567f6f8a1ab8bc83923b81de3f30d],
PUP.Optional.SoundPlus, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAI22RFX\soundplus-installer[1].exe, In Quarantäne, [f0ed2d30742520166ebb8c5ba9588977],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAI22RFX\JOSrv[1].exe, In Quarantäne, [af2ec895d0c976c0fa0dcc96c2402cd4],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAI22RFX\prepreinstaller_win[1].exe, In Quarantäne, [aa338fcec1d8c373986840a4c140ba46],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAI22RFX\SearchUpdater[1].exe, In Quarantäne, [637a5b02465363d32e964488f311b44c],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAI22RFX\Stub[1].exe, In Quarantäne, [617cf36a6a2f9f97f07e575c2bd6ae52],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAI22RFX\SU_Srv[1].exe, In Quarantäne, [78657edf0e8b8da907b0b627e21f38c8],
Adware.EoRezo, C:\Users\Dom\AppData\Local\ospd_us_013010228\upospd_us_013010228.exe, In Quarantäne, [fae383da821747ef98be8d3aaa57669a],
PUP.Optional.SoundPlusPro, C:\Users\Dom\AppData\Local\ospd_us_013010228\Download\wizzupdater.exe, In Quarantäne, [a83518450f8abf77f81b9bbf669afc04],
Trojan.Agent.VB, C:\Users\Dom\AppData\Local\Temp\setup2.exe, In Quarantäne, [8f4e8fce38616fc773d07a4c8b76847c],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Temp\nsa257F.tmp, In Quarantäne, [ab32bca1dcbda98d31fcfb450bf705fb],
PUP.Optional.CSDI, C:\Users\Dom\AppData\Local\Temp\F6NANSJSHY.exe, In Quarantäne, [a835d48905943afc1ce8d12d857fb749],
Trojan.Jaik, C:\Users\Dom\AppData\Local\Temp\Font__7226_il285200.exe, In Quarantäne, [1ebfe27bdabfe155e1180edc39c83dc3],
PUP.Optional.Wajam, C:\Users\Dom\AppData\Local\Temp\WWE_1.60.101.36.exe, In Quarantäne, [4d90fb627425a492801ec93419eb2cd4],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Temp\nsg483A.tmp, In Quarantäne, [1ac3d08dabee8fa768c52a16d032e719],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Temp\nsh629A.tmp, In Quarantäne, [27b6adb02772f541c7289b397c850000],
PUP.Optional.Amonetize, C:\Users\Dom\AppData\Local\Temp\nsw4AF5.tmp, In Quarantäne, [815c025bfd9c3006ab823313d32e06fa],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\Temp\nsw6407.tmp, In Quarantäne, [a63770ed3b5e46f0eab0e6844db58a76],
PUP.Optional.MorePowerfulCleaner, C:\Users\Dom\AppData\Local\Temp\nswEC82.tmp, In Quarantäne, [4e8f8ad360394de9ca51538c8978dd23],
Adware.ConvertAd, C:\Users\Dom\AppData\Local\Temp\nsx3448.tmp, In Quarantäne, [8855cb92c9d0db5be40e9a501de4fa06],
PUP.Optional.RelevantKnowledge, C:\Users\Dom\AppData\Local\Temp\rkinstaller.exe, In Quarantäne, [dffe530a2a6f5fd731f111d8d92bdb25],
PUP.Optional.RelevantKnowledge, C:\Users\Dom\AppData\Local\Temp\rkverify.exe, In Quarantäne, [8b52ce8f1e7bbf77ab6dc81afb09639d],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\Dom\AppData\Local\Temp\nsb5565.tmp\SPTool.dll, In Quarantäne, [f8e560fd366349edb0bd0da66f9234cc],
PUP.Optional.SoundPlusPro, C:\Users\Dom\AppData\Local\Temp\509U9Y9QHU\testnextversion.exe, In Quarantäne, [7d602b321584df57a76c8bcfc83812ee],
PUP.Optional.SoundPlusPro, C:\Users\Dom\AppData\Local\Temp\Z0W6CRNOT0\testversion.exe, In Quarantäne, [a835f865702988ae14ff55059a6629d7],
Trojan.Jaik, C:\Users\Dom\AppData\Local\Temp\RarSFX0\keygen__7516_il735365.exe, In Quarantäne, [7e5f83dadebb83b33cbd38b2db26b34d],
HackTool.CheatEngine, C:\Users\Dom\Desktop\Games\Dying_Light\Dying Light V1.2.0 Trainer +12 MrAntiFun.EXE, In Quarantäne, [09d454098f0aeb4b21bb5cccf40c56aa],
PUP.Optional.InstallCore, C:\Users\Dom\Desktop\Games\Dying_Light\setup.exe, In Quarantäne, [1bc244197821d06697ebde7d2fd205fb],
RiskWare.Injector.DC, C:\Users\Dom\Desktop\Backups\RiptideMenu1.31.rar, In Quarantäne, [9d4015480f8a4cea84b249e17e83eb15],
PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, In Quarantäne, [6a7365f8d7c274c245dd7d6c63a1ce32],
PUP.Optional.RelevantKnowledge, C:\Windows\SysWOW64\rlls.dll, In Quarantäne, [d10c6bf2851455e10a185891ff05fa06],
Trojan.Agent, C:\Windows\SysWOW64\rlls.dll, In Quarantäne, [77660d501c7d7fb7c20ab883c241728e],
Trojan.Agent, C:\Users\Dom\AppData\Local\Temp\rkinstaller.exe, In Quarantäne, [657868f557425dd9362594ad1de65ca4],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\03000200-1454749379-0500-0006-000700080009\Uninstall.exe, In Quarantäne, [c61796c7e7b21224ef32626d3fc48e72],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\03000200-1454749379-0500-0006-000700080009\pnsuCD93.exe, In Quarantäne, [c61796c7e7b21224ef32626d3fc48e72],
PUP.Optional.ConvertAd, C:\Users\Dom\AppData\Local\03000200-1454749379-0500-0006-000700080009\rnsuCD91.exe, In Quarantäne, [c61796c7e7b21224ef32626d3fc48e72],
PUP.Optional.Linkury.Gen, C:\Windows\SysWOW64\findit.xml, In Quarantäne, [924b37266c2d38fe3b424a9980834db3],
PUP.Optional.MyBrowser, C:\Windows\System32\Tasks\IBUpd, In Quarantäne, [835aa7b61287b383e99c45c7bb492dd3],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\dwm.exe, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\libcurl-4.dl1, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\libiconv-2.dl1, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\libidn-11.dl1, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\libintl-8.dl1, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\libwinpthread-1.dl1, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\msupdate.7z, In Quarantäne, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\msvcrt.dll, In Quarantäne, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\proxy.conf, In Quarantäne, [e8f54e0f4b4e2d09e303b856fd072ad6],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\msupdate71\zlib1.dl1, Löschen bei Neustart, [e8f54e0f4b4e2d09e303b856fd072ad6],
PUP.Optional.VBates.WnskRST, C:\Users\Dom\AppData\Local\Temp\groover060220160748_installer_1454745718.txt, In Quarantäne, [3ba28ad34d4ccf6715be4eeee024b24e],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\System32\Tasks\bvxvbxxvaa, In Quarantäne, [b7264e0f2772e155c95a0e346f950df3],
PUP.Optional.MyBrowser, C:\Windows\System32\Tasks\IBUpd2, In Quarantäne, [12cb97c6cacf74c21d939ab0f41046ba],
Trojan.FakeAlert, C:\Users\Dom\AppData\Local\Temp\Z0W6CRNOT0\testversion.exe, In Quarantäne, [e1fcb6a720799c9a3c2a084658acc33d],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk, In Quarantäne, [cf0e0e4f1c7d58de9ab14a5fbe44e11f],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID -  Goodware Repository Information Database.lnk, In Quarantäne, [cf0e0e4f1c7d58de9ab14a5fbe44e11f],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk, In Quarantäne, [cf0e0e4f1c7d58de9ab14a5fbe44e11f],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk, In Quarantäne, [cf0e0e4f1c7d58de9ab14a5fbe44e11f],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk, In Quarantäne, [cf0e0e4f1c7d58de9ab14a5fbe44e11f],
PUP.Optional.BrowserAir, C:\Users\Dom\AppData\Local\BrowserAir\Application\unins000.dat, In Quarantäne, [d20b302de2b72a0ca4cf8b2f679b08f8],
PUP.Optional.BrowserAir, C:\Users\Dom\AppData\Local\BrowserAir\Application\unins000.exe, In Quarantäne, [d20b302de2b72a0ca4cf8b2f679b08f8],
PUP.Optional.MBot, C:\Users\Dom\AppData\Local\mbot_de_014010228\upmbot_de_014010228.exe, In Quarantäne, [439ab1ac514893a3bb9e507ea161ad53],
PUP.Optional.MBot, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY\MyBestOffersToday.lnk, In Quarantäne, [a736afae1b7eb086afac8846f210ae52],
PUP.Optional.OneSoftPerDay, C:\Users\Dom\AppData\Local\ospd_us_013010228\upospd_us_013010228.exe, In Quarantäne, [ab32a2bb2d6c092d14b3eee44ab8e41c],
PUP.Optional.OneSoftPerDay, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, In Quarantäne, [16c775e885145adcc108a42ec53dfb05],
PUP.Optional.VBates, C:\Users\Dom\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, In Quarantäne, [706d66f78d0c74c22633e6fbf70b827e],
PUP.Optional.VBates, C:\Users\Dom\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js, In Quarantäne, [706d66f78d0c74c22633e6fbf70b827e],
PUP.Optional.VBates, C:\Users\Dom\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js, In Quarantäne, [706d66f78d0c74c22633e6fbf70b827e],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\ApplicationHosting\ApplicationHosting.exe, In Quarantäne, [f3ea6cf18f0a46f04f4be50055ad0ff1],
PUP.Optional.MorePowerfulCleaner, C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.searchengine.iconURL", "hxxp://download.mpc.am/mpc/www/mpc.ico");), Ersetzt,[deff035a8a0fe1554898ea1b26dfee12]
PUP.Optional.MorePowerfulCleaner, C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default\prefs.js, Gut: (), Schlecht: (ef("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1454720293)), Ersetzt,[0ad3411c2f6a2f07598791746b9afa06]
PUP.Optional.MorePowerfulCleaner, C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.searchengine.name", "MPC Safe Search ");), Ersetzt,[0bd22835227764d2a938ac59a85db34d]
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\fem\rik\ulivj.dat, In Quarantäne, [7a63db82b3e6221434b3e41ce124bd43],
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\qoa\cyn\pinmo.dat, In Quarantäne, [f9e4bda04950f640ae3999670005a15f],
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\seg\mik\govmo.dat, In Quarantäne, [cc11ee6f930693a350976f91aa5b2cd4],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

cosinus 07.02.2016 13:58
Zitat:
CrackTool.Agent, C:\Program Files (x86)\AE CS6 Free Release\App\Ae\Support Files\amtlib.dll
Du packst dir selbst die Scheiße ins System?? :wtf: :pfui:

Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Speed9001 07.02.2016 14:03
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
durchgeführt von Dom (Administrator) auf DOM-PC (07-02-2016 13:39:27)
Gestartet von C:\Users\Dom\Desktop
Geladene Profile: Dom (Verfügbare Profile: Dom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCAutoClean.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCNews.exe
() C:\Users\Dom\AppData\Local\Temp\msupdate71\dwm.exe
(Pierre Kriesten Manuel Hettche GbR) C:\Program Files (x86)\TS3index\MusicBot\TS3index-Bot-Manager.exe
(TeamSpeak Systems GmbH) C:\Users\Dom\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Take-Two Interactive Software, Inc.) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
() C:\Users\Dom\AppData\Local\BrowserAir\47.0.0.4\brsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\ppt\Uninst.exe
HKLM-x32\...\Run: [ospd_us_013010228] => "C:\Program Files (x86)\ospd_us_013010228\ospd_us_013010228.exe"
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\...\Run: [ts3index_musicbot_service] => "C:\Program Files (x86)\TS3index\MusicBot.\bot-manager_service"
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [426600 2016-01-11] (CyberGhost S.R.L.)
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\Dom\AppData\Local\Temp\mdi064.dll,quardin <===== ACHTUNG
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\...\Run: [Advanced SystemCare 9] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\...\MountPoints2: {83c2cac0-47b2-11e5-b70a-f6e0f5d76a61} - I:\pushinst.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-08-22]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-11-24]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2015-08-22]
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Dom\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-11-12]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4630 series.lnk [2016-02-07]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2A0CA051-E15A-4939-8D32-89D1DD26A106}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{2A0CA051-E15A-4939-8D32-89D1DD26A106}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3E2E42D7-2E89-460C-B08E-350755D98225}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{98BE0671-7976-4BAF-8258-EFCCADA692A5}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F95E4EC2-A13B-4F79-B08D-35254E8D4413}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{FDD3E933-4486-4DB4-AB7E-B2FD291C8D90}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6kQT2R6w_DIczFzodzlAjBBpeSD2AsKW1H5zXdd8JtFnaEOWhY-k5sX_ychOpkj7ngvZJPnxLksHT6bz09BIupfjXWNXPb5Wz569y2cwPA9GJR_hoyJt7GHH338wkqAwArFib-f7iWFDzn6NnLYzeFNRxZl&q={searchTerms}
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6kQT2R6w_DIczFzodzlAjBBpeSD2AsKW1H5zXdd8JtFnaEOWhY-k5sX_ychOpkj7ngvZJPnxLksHT6bz09BIupfjXWNXPb5Wz569y2cwPA9GJR_hoyJt7GHH338wkqAwArFib-f7iWFDzn6NnLYzeFNRxZl&q={searchTerms}
HKU\S-1-5-21-1235700998-711781633-2637323769-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6kQT2R6w_DIczFzodzlAjBBpeSD2AsKW1H5zXdd8JtFnaEOWhY-k5sX_ychOpkj7ngvZJPnxLksHT6bz09BIupfjXWNXPb5Wz569y2cwPA9GJR_hoyJt7GHH338wkqAwArFib-f7iWFDzn6NnLYzeFNRxZl&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6kQT2R6w_DIczFzodzlAjBBpeSD2AsKW1H5zXdd8JtFnaEOWhY-k5sX_ychOpkj7ngvZJPnxLksHT6bz09BIupfjXWNXPb5Wz569y2cwPA9GJR_hoyJt7GHH338wkqAwArFib-f7iWFDzn6NnLYzeFNRxZl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1235700998-711781633-2637323769-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6kQT2R6w_DIczFzodzlAjBBpeSD2AsKW1H5zXdd8JtFnaEOWhY-k5sX_ychOpkj7ngvZJPnxLksHT6bz09BIupfjXWNXPb5Wz569y2cwPA9GJR_hoyJt7GHH338wkqAwArFib-f7iWFDzn6NnLYzeFNRxZl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1235700998-711781633-2637323769-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByvzhEb-M2ds_L6kQT2R6w_DIczFzodzlAjBBpeSD2AsKW1H5zXdd8JtFnaEOWhY-k5sX_ychOpkj7ngvZJPnxLksHT6bz09BIupfjXWNXPb5Wz569y2cwPA9GJR_hoyJt7GHH338wkqAwArFib-f7iWFDzn6NnLYzeFNRxZl&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default
FF NewTab: C:\\ProgramData\\dlohns\\ff.NT
FF DefaultSearchEngine: findit
FF SelectedSearchEngine: Bing®
FF Homepage: C:\\ProgramData\\dlohns\\ff.HP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default\searchplugins\bing-lavasoft.xml [2016-02-06]
FF SearchPlugin: C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default\searchplugins\findit.xml [2016-02-07]
FF Extension: MEGA - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default\Extensions\firefox@mega.co.nz.xpi [2015-11-12] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\b30g5a7z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM\...\Firefox\Extensions: [{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}] - C:\Program Files\groover060220160459\Firefox\{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}.xpi => nicht gefunden
FF HKLM\...\Firefox\Extensions: [{723310B3-68BE-4539-8549-4481B2F8A0B8}] - C:\Program Files\groover060220160748\Firefox\{723310B3-68BE-4539-8549-4481B2F8A0B8}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}] - C:\Program Files\groover060220160459\Firefox\{94768FC1-F3F1-4A83-8A0F-CCE837F4350F}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{723310B3-68BE-4539-8549-4481B2F8A0B8}] - C:\Program Files\groover060220160748\Firefox\{723310B3-68BE-4539-8549-4481B2F8A0B8}.xpi => nicht gefunden
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-08-22] (Adobe Systems) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-04] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1300512 2016-01-17] ()
S3 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2016-02-06] (BOONTY) [Datei ist nicht signiert]
R3 brsrv; C:\Users\Dom\AppData\Local\BrowserAir\47.0.0.4\brsrv.exe [104448 2016-01-31] () [Datei ist nicht signiert]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-01-19] (Digital Wave Ltd.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-09-27] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-06-03] (Futuremark)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [349152 2016-02-06] (DotC United Inc)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-10-03] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [Datei ist nicht signiert]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S2 fuqucohuzbt; C:\Program Files (x86)\03000200-1454745702-0500-0006-000700080009\knsjABE5.tmpfs [X]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 prgductyy; C:\Users\Dom\AppData\Local\Fase-ron.exe upyateupda prgductyy [X]
S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [X] <==== ACHTUNG
S2 rowugoqo; C:\Users\Dom\AppData\Local\03000200-1454749379-0500-0006-000700080009\snsuCD90.tmp [X]
S2 wucotusy; C:\Program Files (x86)\03000200-1454745702-0500-0006-000700080009\hnseEC66.tmp [X]
S2 zutuzuni; C:\Program Files (x86)\03000200-1454745702-0500-0006-000700080009\jnsuC610.tmp [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-04] (Avira Operations GmbH & Co. KG)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2016-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-02-06] (DotC United Inc)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-05-27] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-07 13:39 - 2016-02-07 13:42 - 00028570 _____ C:\Users\Dom\Desktop\FRST.txt
2016-02-07 13:39 - 2016-02-07 13:39 - 00000000 ____D C:\FRST
2016-02-07 13:32 - 2016-02-07 13:32 - 02370560 _____ (Farbar) C:\Users\Dom\Desktop\FRST64.exe
2016-02-07 11:48 - 2016-02-07 11:48 - 00003086 _____ C:\Windows\System32\Tasks\{194B4874-617B-4764-BCA4-DEFF5655B047}
2016-02-07 11:42 - 2016-02-07 11:42 - 00000000 ____D C:\ProgramData\dlohns
2016-02-07 11:39 - 2016-02-07 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-02-06 12:11 - 2016-02-07 13:01 - 00003490 _____ C:\Windows\System32\Tasks\IBUpd
2016-02-06 12:11 - 2016-02-07 13:01 - 00003234 _____ C:\Windows\System32\Tasks\IBUpd2
2016-02-06 12:10 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Dom\AppData\Local\BrowserAir
2016-02-06 12:09 - 2016-02-07 11:48 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-02-06 12:09 - 2016-02-06 12:09 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-02-06 12:09 - 2016-02-06 12:09 - 00003228 _____ C:\Windows\System32\Tasks\runTask
2016-02-06 12:09 - 2016-02-06 12:09 - 00003132 _____ C:\Windows\System32\Tasks\updateTask
2016-02-06 12:09 - 2015-12-01 11:34 - 00023208 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2016-02-06 09:07 - 2016-02-07 11:49 - 00000000 ____D C:\Users\Dom\AppData\Local\bvxvbxxvaa
2016-02-06 09:07 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2016-02-06 09:07 - 2016-02-06 12:06 - 00002952 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-02-06 09:07 - 2016-02-06 12:06 - 00002952 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-02-06 09:07 - 2016-02-06 09:07 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-02-06 09:07 - 2016-02-06 09:07 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-02-06 09:07 - 2016-02-06 09:07 - 00003446 _____ C:\Windows\System32\Tasks\bvxvbxxvaa
2016-02-06 09:07 - 2014-08-18 21:49 - 00971544 _____ (TMRG, Inc.) C:\Windows\system32\rlls64.dll
2016-02-06 09:07 - 2014-08-18 21:49 - 00660760 _____ C:\Windows\SysWOW64\rlls.dll
2016-02-06 09:06 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-02-06 09:06 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-02-06 09:06 - 2016-02-06 12:17 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-06 09:06 - 2016-02-06 12:05 - 00000000 ____D C:\Users\Dom\AppData\Roaming\ProductData
2016-02-06 09:06 - 2016-02-06 12:05 - 00000000 ____D C:\Users\Dom\AppData\Roaming\IObit
2016-02-06 09:06 - 2016-02-06 12:05 - 00000000 ____D C:\Users\Dom\AppData\LocalLow\IObit
2016-02-06 09:06 - 2016-02-06 12:05 - 00000000 ____D C:\ProgramData\ProductData
2016-02-06 09:06 - 2016-02-06 12:05 - 00000000 ____D C:\ProgramData\IObit
2016-02-06 09:06 - 2016-02-06 09:06 - 00003172 _____ C:\Windows\System32\Tasks\ASC9_PerformanceMonitor
2016-02-06 09:06 - 2016-02-06 09:06 - 00002896 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Dom
2016-02-06 09:06 - 2016-02-06 09:06 - 00002860 _____ C:\Windows\System32\Tasks\ASC9_SkipUac_Dom
2016-02-06 09:06 - 2016-02-06 09:06 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-02-06 09:06 - 2016-02-06 09:06 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-02-06 09:06 - 2016-02-06 09:06 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-02-06 09:06 - 2016-02-06 09:06 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-02-06 09:05 - 2016-02-07 12:02 - 00000000 ____D C:\Program Files\REACHit
2016-02-06 09:05 - 2016-02-06 09:05 - 00041472 _____ C:\Users\Dom\AppData\Local\Fase-ron.dat
2016-02-06 09:05 - 2016-02-06 09:05 - 00000187 _____ C:\Users\Dom\AppData\Local\Fase-ron.exe.config
2016-02-06 09:03 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontList
2016-02-06 09:02 - 2016-02-07 11:37 - 00000000 ____D C:\Windows\system32\qoa
2016-02-06 09:02 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Dom\AppData\Local\03000200-1454749379-0500-0006-000700080009
2016-02-06 09:02 - 2016-02-06 09:00 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-02-06 09:01 - 2016-02-07 11:42 - 00002389 _____ C:\Windows\SysWOW64\findit.xml
2016-02-06 09:01 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Dom\AppData\Local\mbot_de_014010228
2016-02-06 09:01 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2016-02-06 09:00 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Dom\AppData\Local\ospd_us_013010228
2016-02-06 09:00 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2016-02-06 08:35 - 2016-02-07 11:37 - 00000000 ____D C:\Windows\system32\seg
2016-02-06 08:35 - 2016-02-06 12:05 - 00000000 ____D C:\Users\Dom\AppData\Roaming\ImyjqFil
2016-02-06 08:35 - 2016-02-06 08:35 - 00003336 _____ C:\Windows\System32\Tasks\Bafpi
2016-02-06 08:23 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoontyGames
2016-02-06 08:23 - 2016-02-06 08:23 - 00000000 ____D C:\ProgramData\BOONTY
2016-02-06 08:14 - 2016-02-06 08:16 - 00000000 ____D C:\ProgramData\Big Fish
2016-02-06 08:13 - 2016-02-06 08:14 - 00000000 ____D C:\Users\Dom\AppData\Local\Big Fish
2016-02-06 08:08 - 2016-02-06 08:49 - 00000000 ____D C:\ProgramData\TEMP
2016-02-06 08:07 - 2016-02-07 11:37 - 00000000 ____D C:\Program Files (x86)\Games
2016-02-06 05:28 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Dom\BigFish - Hidden Expedition  Everest - Hidden Object - Requested [h33t][Wendy99]
2016-02-06 05:28 - 2016-02-06 05:28 - 00000000 ____D C:\Users\Dom\AppData\Roaming\kingsoft
2016-02-06 05:28 - 2016-02-06 05:28 - 00000000 ____D C:\Users\Dom\AppData\Local\kingsoft
2016-02-06 05:24 - 2016-02-06 05:24 - 00003096 _____ C:\Windows\System32\Tasks\{261FD569-8F45-483F-92B4-EA4B1A713A84}
2016-02-06 05:23 - 2016-02-06 08:58 - 00000000 ____D C:\Users\Dom\AppData\Local\Prompt Downloader
2016-02-06 05:22 - 2016-02-07 11:37 - 00000000 ____D C:\Windows\system32\fem
2016-02-06 05:22 - 2016-02-06 12:05 - 00000000 ____D C:\Users\Dom\AppData\Roaming\BucvhvByts
2016-02-06 05:22 - 2016-02-06 09:03 - 00000000 ____D C:\Users\Dom\AppData\Local\Tempfolder
2016-02-06 05:22 - 2016-02-06 05:28 - 00000000 ____D C:\ProgramData\kingsoft
2016-02-06 05:21 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Dom\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-02-06 05:21 - 2016-02-06 10:53 - 00000000 ____D C:\Users\Dom\AppData\LocalLow\Company
2016-02-06 05:21 - 2016-02-06 05:21 - 00003338 _____ C:\Windows\System32\Tasks\Amopc
2016-02-01 03:26 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-01-29 19:51 - 2016-01-29 19:51 - 00000000 ____D C:\Users\Dom\Documents\Rise of the Tomb Raider
2016-01-29 19:51 - 2016-01-29 19:51 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Crystal Dynamics
2016-01-29 19:43 - 2016-01-29 19:43 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-28 18:58 - 2016-01-28 18:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-28 00:37 - 2016-02-07 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-26 17:03 - 2016-01-26 17:03 - 00000000 ____D C:\Users\Dom\Documents\Black Ops 2 - GSC Studio
2016-01-26 17:03 - 2016-01-26 17:03 - 00000000 ____D C:\Users\Dom\AppData\Local\iMCS_Productions
2016-01-26 16:59 - 2016-01-26 16:59 - 00000000 ____D C:\Users\Dom\Desktop\MAPS
2016-01-26 03:39 - 2016-01-26 03:39 - 00000000 ____D C:\Users\Dom\Downloads\CyberGhost 5 With 3 Months Serials
2016-01-24 22:19 - 2016-01-24 22:19 - 00000006 _____ C:\Users\Dom\Desktop\Neues Textdokument.txt
2016-01-24 17:09 - 2016-01-26 13:56 - 00000000 ____D C:\Users\Dom\AppData\Local\CyberGhost
2016-01-24 17:08 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2016-01-24 17:08 - 2016-01-26 07:04 - 00000000 ____D C:\Program Files\CyberGhost 5
2016-01-24 17:08 - 2016-01-26 04:59 - 00001881 _____ C:\Users\Dom\Desktop\CyberGhost 5.lnk
2016-01-24 17:08 - 2016-01-24 17:08 - 00000000 ____D C:\Program Files\TAP-Windows
2016-01-24 05:48 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Raptr
2016-01-24 05:48 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Paul
2016-01-24 05:48 - 2016-01-24 05:48 - 00001421 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 05:48 - 2016-01-24 05:48 - 00000020 ___SH C:\Users\Paul\ntuser.ini
2016-01-24 05:48 - 2015-11-24 11:31 - 00002120 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-24 04:52 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-01-24 04:52 - 2016-01-28 19:50 - 00001971 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2016-01-24 02:49 - 2016-01-24 02:49 - 06700592 _____ (delight software gmbh ) C:\Users\Dom\Downloads\SpeedLimiter202.exe
2016-01-24 02:49 - 2016-01-24 02:49 - 01466656 _____ C:\Users\Dom\Downloads\Speed Limiter - CHIP-Installer.exe
2016-01-24 02:13 - 2016-01-24 04:53 - 00000000 ____D C:\Users\Dom\Documents\Rockstar Games
2016-01-24 02:13 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-01-24 02:13 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-01-23 20:48 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-23 20:48 - 2016-01-23 20:48 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-23 20:46 - 2016-01-23 20:46 - 00643680 _____ (Oracle Corporation) C:\Users\Dom\Downloads\jxpiinstall.exe
2016-01-23 20:07 - 2016-01-23 20:24 - 00000000 ____D C:\Program Files (x86)\QuickSearch
2016-01-19 19:21 - 2016-02-07 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TS3index
2016-01-19 19:21 - 2016-01-19 19:21 - 00000000 ____D C:\Users\Dom\AppData\Roaming\TS3index
2016-01-19 19:20 - 2016-01-19 19:20 - 01169408 _____ (TS3index.com GbR) C:\Users\Dom\Downloads\TS3index-Installer(1).exe
2016-01-19 19:19 - 2016-01-19 19:19 - 00000087 _____ C:\ProgramData\Uninstaller.bat
2016-01-19 19:13 - 2016-01-19 19:13 - 01169408 _____ (TS3index.com GbR) C:\Users\Dom\Downloads\TS3index-Installer.exe
2016-01-18 15:45 - 2016-01-18 15:45 - 06539752 _____ (Tim Kosse) C:\Users\Dom\Downloads\FileZilla_3.14.1_win64-setup.exe
2016-01-17 21:19 - 2016-01-17 22:36 - 00000000 ____D C:\Users\Dom\AppData\Roaming\YaTQA
2016-01-17 21:19 - 2016-01-17 21:19 - 00000000 ____D C:\Program Files (x86)\YaTQA
2016-01-16 21:24 - 2016-01-19 19:21 - 00000000 ____D C:\Users\Dom\AppData\Local\TS3index.com_GbR
2016-01-16 21:23 - 2016-01-19 19:20 - 00000000 ____D C:\Program Files (x86)\TS3index
2016-01-13 18:07 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 18:07 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 18:07 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 18:07 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 18:07 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 18:07 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 18:03 - 2015-12-24 00:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 18:03 - 2015-12-23 23:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 18:03 - 2015-12-12 19:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 18:03 - 2015-12-12 19:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 18:03 - 2015-12-12 19:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 18:03 - 2015-12-12 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 18:03 - 2015-12-12 19:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 18:03 - 2015-12-12 19:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 18:03 - 2015-12-12 19:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 18:03 - 2015-12-12 19:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 18:03 - 2015-12-12 19:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 18:03 - 2015-12-12 19:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 18:03 - 2015-12-12 19:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 18:03 - 2015-12-12 19:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 18:03 - 2015-12-12 19:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 18:03 - 2015-12-12 19:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 18:03 - 2015-12-12 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 18:03 - 2015-12-12 19:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 18:03 - 2015-12-12 19:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 18:03 - 2015-12-12 19:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 18:03 - 2015-12-12 18:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 18:03 - 2015-12-12 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 18:03 - 2015-12-12 18:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 18:03 - 2015-12-12 18:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 18:03 - 2015-12-12 18:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 18:03 - 2015-12-12 18:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 18:03 - 2015-12-12 18:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 18:03 - 2015-12-12 18:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 18:03 - 2015-12-12 18:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 18:03 - 2015-12-12 18:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 18:03 - 2015-12-12 18:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 18:03 - 2015-12-12 18:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 18:03 - 2015-12-12 18:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 18:03 - 2015-12-12 18:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 18:03 - 2015-12-12 18:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 18:03 - 2015-12-12 18:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 18:03 - 2015-12-12 18:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 18:03 - 2015-12-12 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 18:03 - 2015-12-12 18:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 18:03 - 2015-12-12 18:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 18:03 - 2015-12-12 18:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 18:03 - 2015-12-12 18:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 18:03 - 2015-12-12 18:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 18:03 - 2015-12-12 18:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 18:03 - 2015-12-12 18:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 18:03 - 2015-12-12 18:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 18:03 - 2015-12-12 18:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 18:03 - 2015-12-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 18:03 - 2015-12-12 18:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 18:03 - 2015-12-12 18:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 18:03 - 2015-12-12 18:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 18:03 - 2015-12-12 18:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 18:03 - 2015-12-12 18:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 18:03 - 2015-12-12 18:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 18:03 - 2015-12-12 18:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 18:03 - 2015-12-12 18:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 18:03 - 2015-12-12 18:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 18:03 - 2015-12-12 18:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 18:03 - 2015-12-12 18:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 18:03 - 2015-12-12 17:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 18:03 - 2015-12-12 17:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 18:03 - 2015-12-12 17:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 18:03 - 2015-12-12 17:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 18:03 - 2015-12-12 17:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 18:03 - 2015-12-11 19:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 18:03 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 18:03 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 18:03 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 18:03 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 18:03 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 18:03 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 18:03 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 18:03 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 18:03 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 18:03 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 18:03 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 18:03 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 18:03 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 18:03 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 18:03 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 18:03 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 18:03 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 18:03 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 18:03 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 18:03 - 2015-12-08 18:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 18:02 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 18:02 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 18:02 - 2015-12-08 20:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 18:02 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 18:02 - 2015-11-17 02:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 18:02 - 2015-11-17 02:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 18:02 - 2015-11-17 02:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 18:02 - 2015-11-17 02:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 18:02 - 2015-11-17 02:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 18:02 - 2015-11-17 02:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 18:02 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 17:53 - 2015-12-30 20:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 17:53 - 2015-12-30 20:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 17:53 - 2015-12-30 20:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 17:53 - 2015-12-30 20:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 17:53 - 2015-12-30 20:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 17:53 - 2015-12-30 20:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 17:53 - 2015-12-30 20:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 17:53 - 2015-12-30 20:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 17:53 - 2015-12-30 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 17:53 - 2015-12-30 20:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 17:53 - 2015-12-30 20:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 17:53 - 2015-12-30 20:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 17:53 - 2015-12-30 20:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 17:53 - 2015-12-30 20:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 17:53 - 2015-12-30 20:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 17:53 - 2015-12-30 20:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 17:53 - 2015-12-30 20:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 17:53 - 2015-12-30 20:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 17:53 - 2015-12-30 19:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 17:53 - 2015-12-30 19:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 17:53 - 2015-12-30 19:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 17:53 - 2015-12-30 19:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 17:53 - 2015-12-30 19:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 17:53 - 2015-12-30 19:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 17:53 - 2015-12-30 19:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 17:53 - 2015-12-30 19:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 17:53 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 17:53 - 2015-12-30 19:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 17:53 - 2015-12-30 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 17:53 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 17:53 - 2015-12-30 19:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 17:53 - 2015-12-30 19:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 17:53 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 17:53 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 17:53 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 17:53 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 17:53 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 17:53 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 17:53 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 17:53 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 18:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 17:53 - 2015-12-30 18:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 17:53 - 2015-12-30 18:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 17:53 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 17:53 - 2015-12-30 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 17:53 - 2015-12-30 18:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 17:53 - 2015-12-30 18:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 17:53 - 2015-12-30 18:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 17:53 - 2015-12-30 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 17:53 - 2015-12-30 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 17:53 - 2015-12-30 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 17:53 - 2015-12-30 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 17:53 - 2015-12-30 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 17:53 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 17:53 - 2015-12-30 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 17:53 - 2015-12-30 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-02-07 13:43 - 2015-08-21 19:12 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-02-07 13:41 - 2015-12-01 23:33 - 00000000 ____D C:\Users\Dom\AppData\Roaming\TS3Client
2016-02-07 13:36 - 2015-12-01 23:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-07 13:19 - 2015-08-21 23:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-07 13:01 - 2015-08-22 00:23 - 00000000 ____D C:\Users\Dom\AppData\Local\CrashDumps
2016-02-07 12:25 - 2015-08-21 00:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-07 12:08 - 2011-04-12 08:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2016-02-07 12:08 - 2011-04-12 08:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2016-02-07 12:08 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-07 12:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-07 11:54 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-07 11:54 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-07 11:42 - 2015-08-20 23:07 - 00001433 _____ C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-07 11:40 - 2015-08-23 13:06 - 00000000 ____D C:\Users\Dom\AppData\Local\LogMeIn Hamachi
2016-02-07 11:39 - 2015-08-20 23:06 - 00000000 ____D C:\Users\Dom
2016-02-07 11:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-07 11:37 - 2015-12-01 23:33 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-02-07 11:37 - 2015-11-22 14:43 - 00000000 ____D C:\Users\Dom\Desktop\Games
2016-02-07 11:37 - 2015-11-17 11:28 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-02-07 11:37 - 2015-09-19 19:46 - 00000000 ____D C:\Program Files (x86)\DayZLauncher
2016-02-07 11:37 - 2015-08-23 20:42 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-02-07 11:37 - 2015-08-22 14:20 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-02-07 11:37 - 2015-08-22 14:18 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2016-02-07 11:37 - 2015-08-22 00:35 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-02-07 11:37 - 2015-08-21 20:10 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-07 11:37 - 2015-08-21 00:37 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Raptr
2016-02-07 11:37 - 2015-08-20 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-07 11:37 - 2014-11-17 21:15 - 00000000 ____D C:\Users\Dom\Desktop\MYSQL
2016-02-07 11:37 - 2014-05-16 20:23 - 00000000 ____D C:\Users\Dom\Desktop\Dom
2016-02-07 11:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-02-07 11:14 - 2015-09-05 04:34 - 00000000 ____D C:\Users\Dom\Desktop\Backups
2016-02-06 12:05 - 2015-08-22 00:53 - 00000000 ____D C:\Users\Dom\AppData\Roaming\uTorrent
2016-02-06 10:54 - 2015-12-06 00:10 - 00000000 ____D C:\Users\Dom\AppData\Roaming\TeamViewer
2016-02-06 10:54 - 2015-08-23 20:50 - 00000000 ____D C:\Users\Dom\AppData\Roaming\FileZilla
2016-02-06 05:03 - 2015-08-21 09:57 - 00000000 ____D C:\Users\Dom\AppData\Roaming\vlc
2016-02-05 00:44 - 2015-09-01 21:31 - 00000080 _____ C:\Users\Dom\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-02-04 20:13 - 2015-08-21 10:14 - 00000000 ____D C:\Users\Dom\AppData\Roaming\.minecraft
2016-02-03 06:37 - 2015-08-22 01:04 - 00000000 ____D C:\ProgramData\Origin
2016-02-02 23:13 - 2015-08-22 01:04 - 00000000 ____D C:\Program Files (x86)\Origin
2016-02-01 04:24 - 2015-10-25 18:57 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Infamous GTAV Menu
2016-02-01 03:27 - 2015-08-21 20:27 - 00000000 ____D C:\Users\Dom\AppData\Roaming\DVDVideoSoft
2016-02-01 03:26 - 2015-08-21 20:28 - 00001302 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2016-02-01 03:26 - 2015-08-21 20:28 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2016-02-01 03:25 - 2015-08-21 20:28 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-01-29 19:44 - 2015-11-17 11:27 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-29 19:43 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-29 19:42 - 2015-11-17 11:24 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-28 19:17 - 2015-09-01 21:27 - 00000000 ____D C:\Program Files\Rockstar Games
2016-01-28 19:17 - 2015-09-01 21:27 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-01-24 19:04 - 2015-08-20 23:06 - 00000000 ____D C:\Users\Dom\AppData\Local\VirtualStore
2016-01-24 06:25 - 2009-07-14 05:45 - 00432728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-24 04:54 - 2015-09-01 20:21 - 00000000 ____D C:\Users\Dom\AppData\Local\Rockstar Games
2016-01-24 04:52 - 2015-08-20 23:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-23 23:07 - 2015-08-21 00:49 - 00000000 ____D C:\Users\Dom\AppData\Local\2K Games
2016-01-23 22:23 - 2015-08-20 23:24 - 00111080 _____ C:\Users\Dom\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-23 22:12 - 2015-12-12 19:38 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2016-01-23 22:08 - 2015-11-17 13:36 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-23 22:02 - 2011-04-12 08:54 - 00000000 ____D C:\Windows\ShellNew
2016-01-23 21:59 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-23 21:18 - 2015-11-17 14:52 - 03936256 ___SH C:\Users\Dom\Desktop\Thumbs.db
2016-01-23 20:49 - 2015-08-21 10:30 - 00000000 ____D C:\ProgramData\Oracle
2016-01-23 20:48 - 2015-08-21 10:30 - 00000000 ____D C:\Users\Dom\.oracle_jre_usage
2016-01-23 20:48 - 2015-08-21 10:29 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-23 03:18 - 2015-09-01 20:30 - 00000000 ____D C:\Users\Dom\Documents\Rockstar Games[Steam]
2016-01-22 05:07 - 2015-08-23 20:42 - 00001837 _____ C:\Users\Dom\Desktop\FileZilla Client.lnk
2016-01-20 21:20 - 2015-12-13 00:37 - 00000000 ____D C:\output
2016-01-20 21:18 - 2015-12-13 00:34 - 00003072 ____H C:\Users\Dom\Desktop\photothumb.db
2016-01-20 03:19 - 2015-08-21 23:47 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 03:19 - 2015-08-21 23:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 03:19 - 2015-08-21 23:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 00:21 - 2015-11-12 14:34 - 00000000 ____D C:\ProgramData\MEGAsync
2016-01-19 19:19 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-19 17:28 - 2015-10-03 16:16 - 00000000 ____D C:\Users\Dom\AppData\Roaming\.technic
2016-01-18 17:47 - 2015-11-06 11:31 - 00000000 ____D C:\Users\Dom\AppData\Roaming\7DaysToDie
2016-01-18 15:45 - 2015-08-23 20:42 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-01-17 20:06 - 2015-10-09 22:20 - 00000000 ____D C:\Users\Dom\AppData\Local\Arma 3
2016-01-16 14:49 - 2015-11-24 20:27 - 00000000 ____D C:\Users\Dom\Desktop\MUSIK
2016-01-15 15:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-14 17:10 - 2015-08-21 18:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 17:10 - 2015-08-21 18:52 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 03:07 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2016-01-09 22:35 - 2015-10-18 01:51 - 00000000 ____D C:\Users\Dom\AppData\Local\fabi.me

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-05 18:29 - 2015-11-11 10:21 - 0000297 _____ () C:\Users\Dom\AppData\Roaming\BreakingPoint_Login.ini
2015-11-05 22:47 - 2015-11-11 10:48 - 0001428 _____ () C:\Users\Dom\AppData\Roaming\BreakingPoint_Options.ini
2015-08-22 00:38 - 2015-08-22 00:38 - 0003584 _____ () C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-20 23:21 - 2015-08-20 23:21 - 0000000 _____ () C:\Users\Dom\AppData\Local\Driver_LOM_8161Present.flag
2016-02-06 09:05 - 2016-02-06 09:05 - 0041472 _____ () C:\Users\Dom\AppData\Local\Fase-ron.dat
2016-02-06 09:05 - 2016-02-06 09:05 - 0000187 _____ () C:\Users\Dom\AppData\Local\Fase-ron.exe.config
2015-11-19 10:29 - 2015-11-19 10:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-20 23:17 - 2015-08-20 23:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-17 13:35 - 2016-01-23 22:08 - 0005968 _____ () C:\ProgramData\hpzinstall.log
2016-01-19 19:19 - 2016-01-19 19:19 - 0000087 _____ () C:\ProgramData\Uninstaller.bat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\Uninstaller.bat


Einige Dateien in TEMP:
====================
C:\Users\Dom\AppData\Local\Temp\atdl.exe
C:\Users\Dom\AppData\Local\Temp\avgnt.exe
C:\Users\Dom\AppData\Local\Temp\Bass.dll
C:\Users\Dom\AppData\Local\Temp\Bass.Net.dll
C:\Users\Dom\AppData\Local\Temp\downloader.dll
C:\Users\Dom\AppData\Local\Temp\F6NANSJSHY.exe
C:\Users\Dom\AppData\Local\Temp\Font__7226_il285200.exe
C:\Users\Dom\AppData\Local\Temp\hib2935.exe
C:\Users\Dom\AppData\Local\Temp\ICReinstall_keygen-step-2.exe
C:\Users\Dom\AppData\Local\Temp\JH1JGF5D25.exe
C:\Users\Dom\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Dom\AppData\Local\Temp\mdi064.dll
C:\Users\Dom\AppData\Local\Temp\npp.6.8.6.Installer.exe
C:\Users\Dom\AppData\Local\Temp\nsgAE9B.exe
C:\Users\Dom\AppData\Local\Temp\nsWl3xM.exe
C:\Users\Dom\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\Dom\AppData\Local\Temp\oprun14019.exe
C:\Users\Dom\AppData\Local\Temp\oprun8673.exe
C:\Users\Dom\AppData\Local\Temp\Prompt-Downloader-1931946062.exe
C:\Users\Dom\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71715_Silence.exe
C:\Users\Dom\AppData\Local\Temp\rkinstaller.exe
C:\Users\Dom\AppData\Local\Temp\rkverify.exe
C:\Users\Dom\AppData\Local\Temp\serial.exe
C:\Users\Dom\AppData\Local\Temp\setup.exe
C:\Users\Dom\AppData\Local\Temp\setup2.exe
C:\Users\Dom\AppData\Local\Temp\SPINT-G.exe
C:\Users\Dom\AppData\Local\Temp\Sumis.exe
C:\Users\Dom\AppData\Local\Temp\tmd_34015132.exe
C:\Users\Dom\AppData\Local\Temp\tmd_34017719.exe
C:\Users\Dom\AppData\Local\Temp\tmd_34017975.exe
C:\Users\Dom\AppData\Local\Temp\Uninstall.exe
C:\Users\Dom\AppData\Local\Temp\W.P.S.5041.50.327.exe
C:\Users\Dom\AppData\Local\Temp\WWE_1.60.101.36.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll
[2015-08-21 10:50] - [2015-08-21 10:50] - 0357888 ____A (Microsoft Corporation) 6302A732E50D4E55C861C731404EB823

C:\Windows\SysWOW64\dnsapi.dll
[2015-08-21 10:50] - [2015-08-21 10:50] - 0270336 ____A (Microsoft Corporation) 259986AB2A2DAC5F0F5A8A9ABADA0BDC

C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-29 00:48

==================== Ende von FRST.txt ============================
Habe es jetzt entfernt soll ich dann nochmal ein FRST scan durchführen

cosinus 07.02.2016 14:04
Die gecrackten installierten Programme auch deinstalliert? Alles?

Speed9001 07.02.2016 14:10
Moment ich kontrollier nochmal alles

Ja müsste alles weg sein sehe nähmlich nichts mehr

cosinus 07.02.2016 14:15
ok :)

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Speed9001 08.02.2016 09:39
Wir haben ein kleines Problem, wo ich das Malwarebytes Anti-Rootkit benutz habe und den cleanup Button gedrückt hat er nach dem Neustart mein Windows nicht richtig geladen, unten rechts über der Uhrzeit stand nämlich das diese Kopie von Windows 7 nicht bestätigt ist und ins Internet kam ich dann auch nicht

cosinus 08.02.2016 09:47
Ohne das Log dazu kann dir niemand was dazu sagen

Speed9001 08.02.2016 09:50
Bringt das log auch was ohne die entfernt zu haben?


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:07 Uhr.
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132