Hallo liebe Community,

Nach einiger Zeit muss ich nun "leider" mal wieder Eure Hilfe in Asnpruch nehmen.

Mein RAM 6 GB ist mit 58% im Leerlauf viel zu ausgelastet.. Darf eigentlich nicht sein, da ich weder große Programme, Games oder Hardware installiert habe. Zudem ist der Rechner erst 10 Monate alt...
habe im Forum gestöbert und bereits einige Schritte, LogFiles erstellt, unternommen.
Erstere hier:

Vielen Dank schon mal für Eure Hilfe!

Malwarebytes hat Malware entdeckt und ich habe diese nach Anführung(http://www.trojaner-board.de/142278-...uslastung.html) bereits in Quarantäne verschoben!!

Die Logs bitte nicht in den Anhang packen...

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für die Info, hier meine Files:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Thomas (administrator) on TOSHIBA-TH on 20-04-2014 08:06:43
Running from C:\Users\Thomas\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\nlssrv32.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\windows\System32\perfmon.exe
(Malwarebytes Corporation                                    ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe
() C:\Users\Thomas\AppData\Local\Temp\is-VHHB0.tmp\mbam-setup-2.0.1.1004.tmp
(Malwarebytes Corporation                                    ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe
() C:\Users\Thomas\AppData\Local\Temp\is-7DSDH.tmp\mbam-setup-2.0.1.1004.tmp


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-18] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3796240173-509024344-3822763771-1001\...\MountPoints2: {50ed812c-de9c-11e2-be76-7054d2493346} - "G:\LGAutoRun.exe" 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D4A77054D2493346&affID=121564&tsp=4969
SearchScopes: HKCU - {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: https://startpage.com/deu/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-24]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-04-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-04-04] ()
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 08:06 - 2014-04-20 08:07 - 00014285 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-04-20 08:06 - 2014-04-20 08:06 - 00000000 ____D () C:\FRST
2014-04-20 08:05 - 2014-04-20 08:05 - 02055680 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-04-20 08:04 - 2014-04-20 08:04 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 08:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-20 08:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-20 08:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-20 07:47 - 2014-04-20 07:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 21:09 - 2014-04-19 21:21 - 00033063 _____ () C:\windows\WindowsUpdate.log
2014-04-19 21:09 - 2014-04-19 21:09 - 00000000 _____ () C:\windows\setuperr.log
2014-04-19 21:09 - 2014-04-19 21:09 - 00000000 _____ () C:\windows\setupact.log
2014-04-19 20:46 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-19 20:46 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-19 20:46 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-19 20:46 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-19 20:36 - 2014-04-19 20:36 - 00089204 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890034.zip
2014-04-19 20:31 - 2014-04-19 20:31 - 00049572 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890089.zip
2014-04-13 15:15 - 2014-04-19 18:47 - 00000000 ____D () C:\Users\Thomas\Desktop\DUBAI
2014-04-12 09:01 - 2014-04-12 09:01 - 00001407 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-04-11 10:10 - 2014-04-11 10:11 - 75647482 _____ (ETS) C:\Users\Thomas\Downloads\toeflSample.exe
2014-04-07 14:39 - 2014-04-07 14:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GMATPrep
2014-04-07 14:38 - 2014-04-09 11:00 - 00000000 ____D () C:\Users\Thomas\Desktop\GMAT
2014-04-07 14:38 - 2014-04-07 14:39 - 00000000 ____D () C:\Program Files (x86)\GMATPrep2012
2014-04-07 14:38 - 2013-10-21 18:55 - 00071280 _____ (Nalpeiron Ltd.) C:\windows\SysWOW64\nlssrv32.exe
2014-04-07 10:02 - 2014-04-07 10:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype
2014-04-07 10:01 - 2014-04-11 11:30 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ____D () C:\ProgramData\Skype
2014-04-04 15:40 - 2014-04-19 18:19 - 00000000 ____D () C:\Users\Thomas\Documents\Gothic3
2014-04-04 15:39 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_3.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_41.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2014-04-04 15:39 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2014-04-04 15:39 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2014-04-04 15:39 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2014-04-04 15:39 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2014-04-04 15:39 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2014-04-04 15:39 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2014-04-04 15:39 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2014-04-04 15:39 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2014-04-04 15:39 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2014-04-04 15:39 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2014-04-04 15:39 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2014-04-04 15:39 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2014-04-04 15:39 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2014-04-04 15:39 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2014-04-04 15:39 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2014-04-04 15:39 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2014-04-04 15:39 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2014-04-04 15:39 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2014-04-04 15:39 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2014-04-04 15:39 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2014-04-04 15:39 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2014-04-04 15:39 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2014-04-04 15:39 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2014-04-04 15:39 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2014-04-04 15:39 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2014-04-04 15:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2014-04-04 15:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2014-04-04 15:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2014-04-04 15:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll
2014-04-04 15:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2014-04-04 15:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2014-04-04 15:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2014-04-04 15:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2014-04-04 15:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2014-04-04 15:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2014-04-04 15:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2014-04-04 15:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2014-04-04 15:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2014-04-04 15:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2014-04-04 15:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2014-04-04 15:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2014-04-04 15:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2014-04-04 15:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2014-04-04 15:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2014-04-04 15:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2014-04-04 15:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2014-04-04 15:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2014-04-04 15:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2014-04-04 15:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2014-04-04 15:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2014-04-04 15:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2014-04-04 15:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2014-04-04 15:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2014-04-04 15:38 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2014-04-04 15:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2014-04-04 15:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2014-04-04 15:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2014-04-04 15:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2014-04-04 15:38 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2014-04-04 15:38 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2014-04-04 15:38 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2014-04-04 15:38 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2014-04-04 15:38 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2014-04-04 15:38 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2014-04-04 15:38 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2014-04-04 15:38 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2014-04-04 15:38 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2014-04-04 15:38 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2014-04-04 15:38 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2014-04-04 15:38 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2014-04-04 15:38 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2014-04-04 14:33 - 2014-04-04 14:33 - 00001919 _____ () C:\Users\Public\Desktop\Gothic III starten.lnk
2014-04-04 14:24 - 2014-04-04 14:24 - 00303616 _____ () C:\windows\system32\Drivers\atksgt.sys
2014-04-04 14:24 - 2014-04-04 14:24 - 00035328 _____ () C:\windows\system32\Drivers\lirsgt.sys
2014-04-04 14:15 - 2014-04-04 15:42 - 00000000 ____D () C:\Program Files (x86)\Gothic III
2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-25 09:47 - 2014-03-25 09:47 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Kazaa Lite
2014-03-25 09:46 - 2014-03-25 09:46 - 00000000 ____D () C:\My Shared Folder
2014-03-25 09:46 - 1998-06-24 03:00 - 00108336 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSWINSCK.OCX
2014-03-25 09:05 - 2014-03-25 09:05 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Apple Computer
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\ProgramData\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-24 17:22 - 2014-03-24 17:22 - 00422352 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 17:19 - 2014-03-24 17:19 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-24 13:59 - 2014-03-25 11:37 - 00000000 ____D () C:\Users\Thomas\Desktop\TOEFL
2014-03-21 13:38 - 2014-03-26 22:55 - 00000000 ____D () C:\Users\Thomas\Documents\Eigene Scans
2014-03-21 13:35 - 2014-03-21 13:35 - 00000000 ____D () C:\ProgramData\WEBREG
2014-03-21 13:34 - 2014-03-21 13:35 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\HP
2014-03-21 13:34 - 2014-03-21 13:34 - 00000000 ____D () C:\Users\Thomas\AppData\Local\HP
2014-03-21 13:33 - 2014-03-21 13:33 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\HpUpdate
2014-03-21 13:32 - 2014-03-21 13:32 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-03-21 13:32 - 2014-03-21 13:32 - 00000000 ____D () C:\ProgramData\HP Product Assistant

==================== One Month Modified Files and Folders =======

2014-04-20 08:07 - 2014-04-20 08:06 - 00014285 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-04-20 08:06 - 2014-04-20 08:06 - 00000000 ____D () C:\FRST
2014-04-20 08:05 - 2014-04-20 08:05 - 02055680 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-04-20 08:04 - 2014-04-20 08:04 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 08:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-20 07:49 - 2014-04-20 07:47 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 22:20 - 2014-01-05 22:21 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-04-19 21:21 - 2014-04-19 21:09 - 00033063 _____ () C:\windows\WindowsUpdate.log
2014-04-19 21:09 - 2014-04-19 21:09 - 00000000 _____ () C:\windows\setuperr.log
2014-04-19 21:09 - 2014-04-19 21:09 - 00000000 _____ () C:\windows\setupact.log
2014-04-19 20:46 - 2013-12-17 10:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-19 20:46 - 2013-12-16 23:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-19 20:36 - 2014-04-19 20:36 - 00089204 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890034.zip
2014-04-19 20:31 - 2014-04-19 20:31 - 00049572 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890089.zip
2014-04-19 18:47 - 2014-04-13 15:15 - 00000000 ____D () C:\Users\Thomas\Desktop\DUBAI
2014-04-19 18:19 - 2014-04-04 15:40 - 00000000 ____D () C:\Users\Thomas\Documents\Gothic3
2014-04-19 07:50 - 2013-08-08 20:23 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Azureus
2014-04-18 21:09 - 2012-08-01 18:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-04-18 21:09 - 2012-08-01 18:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-04-18 21:09 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-18 12:53 - 2013-06-29 14:16 - 00000000 ____D () C:\Users\Thomas\Documents\Lebenslauf
2014-04-17 08:12 - 2013-07-08 23:14 - 00000000 ____D () C:\Users\Thomas\Documents\Uni
2014-04-14 21:19 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-04-14 20:13 - 2014-04-19 20:46 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-19 20:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-19 20:46 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-19 20:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-12 09:01 - 2014-04-12 09:01 - 00001407 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-04-12 09:01 - 2013-06-26 11:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
2014-04-12 09:01 - 2013-06-26 11:22 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-12 07:59 - 2013-06-25 09:40 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-11 16:45 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-11 11:30 - 2014-04-07 10:01 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-04-11 10:11 - 2014-04-11 10:10 - 75647482 _____ (ETS) C:\Users\Thomas\Downloads\toeflSample.exe
2014-04-09 11:00 - 2014-04-07 14:38 - 00000000 ____D () C:\Users\Thomas\Desktop\GMAT
2014-04-07 14:39 - 2014-04-07 14:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GMATPrep
2014-04-07 14:39 - 2014-04-07 14:38 - 00000000 ____D () C:\Program Files (x86)\GMATPrep2012
2014-04-07 10:04 - 2013-06-25 09:39 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Packages
2014-04-07 10:02 - 2014-04-07 10:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ____D () C:\ProgramData\Skype
2014-04-05 15:57 - 2013-06-26 14:13 - 00000000 ____D () C:\Users\Thomas\Desktop\Eigene Dateien
2014-04-04 15:42 - 2014-04-04 14:15 - 00000000 ____D () C:\Program Files (x86)\Gothic III
2014-04-04 14:33 - 2014-04-04 14:33 - 00001919 _____ () C:\Users\Public\Desktop\Gothic III starten.lnk
2014-04-04 14:24 - 2014-04-04 14:24 - 00303616 _____ () C:\windows\system32\Drivers\atksgt.sys
2014-04-04 14:24 - 2014-04-04 14:24 - 00035328 _____ () C:\windows\system32\Drivers\lirsgt.sys
2014-04-04 14:15 - 2012-09-10 22:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-03 09:51 - 2014-04-20 08:04 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 08:04 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 08:04 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-02 22:30 - 2013-08-08 20:23 - 00000000 ____D () C:\Program Files\Vuze
2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-28 14:24 - 2013-11-29 11:37 - 00000000 ____D () C:\Program Files (x86)\Jowood
2014-03-26 22:55 - 2014-03-21 13:38 - 00000000 ____D () C:\Users\Thomas\Documents\Eigene Scans
2014-03-25 11:37 - 2014-03-24 13:59 - 00000000 ____D () C:\Users\Thomas\Desktop\TOEFL
2014-03-25 09:47 - 2014-03-25 09:47 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Kazaa Lite
2014-03-25 09:46 - 2014-03-25 09:46 - 00000000 ____D () C:\My Shared Folder
2014-03-25 09:05 - 2014-03-25 09:05 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Apple Computer
2014-03-24 18:50 - 2013-08-15 14:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-24 18:50 - 2013-08-15 14:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime Alternative
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\ProgramData\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-24 17:22 - 2014-03-24 17:22 - 00422352 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 17:22 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-03-24 17:21 - 2013-08-12 11:52 - 00000000 ____D () C:\windows\system32\MRT
2014-03-24 17:20 - 2013-06-25 13:01 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-24 17:19 - 2014-03-24 17:19 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-24 17:11 - 2013-06-25 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 14:14 - 2013-06-25 11:35 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Winamp
2014-03-24 14:07 - 2013-06-25 10:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-21 13:35 - 2014-03-21 13:35 - 00000000 ____D () C:\ProgramData\WEBREG
2014-03-21 13:35 - 2014-03-21 13:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\HP
2014-03-21 13:35 - 2014-01-17 01:16 - 00003047 _____ () C:\ProgramData\hpzinstall.log
2014-03-21 13:34 - 2014-03-21 13:34 - 00000000 ____D () C:\Users\Thomas\AppData\Local\HP
2014-03-21 13:34 - 2014-01-17 01:16 - 00245520 _____ () C:\windows\hpwins26.dat
2014-03-21 13:34 - 2014-01-16 15:48 - 00000000 ____D () C:\ProgramData\HP
2014-03-21 13:34 - 2012-07-26 07:26 - 00000234 _____ () C:\windows\win.ini
2014-03-21 13:33 - 2014-03-21 13:33 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\HpUpdate
2014-03-21 13:33 - 2014-01-17 01:18 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-21 13:32 - 2014-03-21 13:32 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-03-21 13:32 - 2014-03-21 13:32 - 00000000 ____D () C:\ProgramData\HP Product Assistant

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-09 17:32

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Thomas at 2014-04-20 08:08:24
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4500_G510gm_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.4.622 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.4.622 - DVDVideoSoft Ltd.)
GMATPrep (HKLM-x32\...\GMATPrep 2.2.317) (Version: 2.2.317 - Graduate Management Admission Council (GMAC))
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Guild 2 King's Edition (HKLM-x32\...\{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}) (Version: 1.0.0 - JoWood)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
resident evil 4 (HKLM-x32\...\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}) (Version: 1.00.0000 - CAPCOM)
Resident Evil 4 version 2.20.17 HD (HKLM-x32\...\{0BD97EC6-047D-4727-B10A-9E21781D17DE}_is1) (Version: 2.20.17 HD - CAPCOM)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.0.0.0 - Azureus Software, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
x64 Components v4.1.8 (HKLM\...\Advanced x64Components_is1) (Version: 4.1.8 - Shark007)

==================== Restore Points  =========================

27-02-2014 13:29:58 Microsoft Office wird entfernt
01-03-2014 17:15:20 Installed Microsoft Office Professional 2010 Trial
18-03-2014 10:09:11 Removed TOSHIBA VIDEO PLAYER.
24-03-2014 15:01:49 Windows Update
31-03-2014 17:35:47 Installed 7-Zip 9.20 (x64 edition)
04-04-2014 12:14:48 Installiert Gothic III
19-04-2014 18:44:37 Installed Java 7 Update 55

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0767AEBA-D75D-45E3-B387-5E46AD0ABEEE} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {0EADE707-5B88-4398-9B88-53036E966FC7} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3162A109-3C6A-4CC2-BB6B-CEF86286FC1E} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {76B1C7D4-799F-47A4-8159-EEDCD9FF2093} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-18] (Synaptics Incorporated)
Task: {7A057D3E-4F0E-484E-A161-90D88E6E9641} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
Task: {821EB75E-FE85-4641-B006-B33D4FF27D56} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {851D831B-42E9-4A3C-BB3B-490F82750480} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16] (Adobe Systems Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AFFF97FE-E4FB-4652-95B3-CC6E3B363C83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {B2AC3F5C-C134-48B6-B1A8-FF13A8095AFE} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796240173-509024344-3822763771-1001Core.job => C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\RDReminder.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\windows\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2011-10-14 00:38 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 04:38 - 2012-07-19 04:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 05:13 - 2012-08-14 05:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-20 08:03 - 2014-04-20 08:03 - 00706560 _____ () C:\Users\Thomas\AppData\Local\Temp\is-VHHB0.tmp\mbam-setup-2.0.1.1004.tmp
2014-04-20 08:03 - 2014-04-20 08:03 - 00706560 _____ () C:\Users\Thomas\AppData\Local\Temp\is-7DSDH.tmp\mbam-setup-2.0.1.1004.tmp
2014-03-18 14:06 - 2014-02-25 12:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-27 19:18 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-16 17:46 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CM1312nfi MFP
Description: HP Color LaserJet CM1312nfi MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2014 08:08:51 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:08:51Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:08:21 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:08:21Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:07:51 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:07:51Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:07:21 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:07:21Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:06:51 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:06:51Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:06:21 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:06:21Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:05:51 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:05:51Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:05:21 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:05:21Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:04:51 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:04:51Z. Fehlercode: 0x80040154.

Error: (04/20/2014 08:04:21 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-27T06:04:21Z. Fehlercode: 0x80040154.


System errors:
=============
Error: (04/04/2014 02:24:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (04/04/2014 02:24:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (03/18/2014 02:33:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: German ESD Bundle Parent

Error: (03/16/2014 10:45:38 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ACER-KOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{ECBB7EF3-96AB-4D01-A8D4-843DB4959018}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/14/2014 10:34:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.

Error: (03/10/2014 10:53:05 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ACER-KOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{ECBB7EF3-96AB-4D01-A8D4-843DB4959018}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/05/2014 03:58:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Foxit Cloud Safe Update Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/01/2014 05:30:00 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ACER-KOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{ECBB7EF3-96AB-4D01-A8D4-843DB4959018}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/28/2014 08:30:36 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ACER-KOMPUTER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{ECBB7EF3-96AB-4D01-A8D4-843DB4959018}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/26/2014 07:42:48 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.103
registriert werden. Der Computer mit IP-Adresse 192.168.1.101 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (04/20/2014 08:09:21 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:09:21Z

Error: (04/20/2014 08:08:51 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:08:51Z

Error: (04/20/2014 08:08:21 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:08:21Z

Error: (04/20/2014 08:07:51 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:07:51Z

Error: (04/20/2014 08:07:21 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:07:21Z

Error: (04/20/2014 08:06:51 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:06:51Z

Error: (04/20/2014 08:06:21 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:06:21Z

Error: (04/20/2014 08:05:51 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:05:51Z

Error: (04/20/2014 08:05:21 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:05:21Z

Error: (04/20/2014 08:04:51 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-27T06:04:51Z


CodeIntegrity Errors:
===================================
  Date: 2014-04-04 14:24:36.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-04 14:24:36.127
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 6025.22 MB
Available physical RAM: 2296.81 MB
Total Pagefile: 9145.22 MB
Available Pagefile: 2559.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (TI30992300A) (Fixed) (Total:590.51 GB) (Free:403.07 GB) NTFS
Drive z: (Volume) (Fixed) (Total:97.66 GB) (Free:76.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.04.2014
Suchlauf-Zeit: 09:46:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.20.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 254155
Verstrichene Zeit: 1 Std, 29 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 6
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [6d93d12f58a8fb05cc61163640c23bc5], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [6d93d12f58a8fb05cc61163640c23bc5], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3796240173-509024344-3822763771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [8b75c23e19e7649c60055045719211ef], 
PUP.Optional.Delta.A, HKU\S-1-5-21-3796240173-509024344-3822763771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\delta LTD, In Quarantäne, [3dc321df7f8134ccc55cb1e6c43fab55], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3796240173-509024344-3822763771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Redir, In Quarantäne, [ec14f50b18e82bd5115c900616ed639d], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3796240173-509024344-3822763771-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [b848d0300df3ed1373fb85112fd42fd1], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy, In Quarantäne, [35cb7f8110f006fa54b4451ab44edc24], 
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy\6C45A6A7E5E64567AAAE971386658255, In Quarantäne, [35cb7f8110f006fa54b4451ab44edc24], 

Dateien: 3
PUP.Optional.Babylon.A, C:\Users\Thomas\AppData\Roaming\OpenCandy\6C45A6A7E5E64567AAAE971386658255\DeltaTB.exe, In Quarantäne, [32cead530cf431cf954e0000a45d6f91], 
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, In Quarantäne, [04fc53ad01ff649cbdd89032a859f30d], 
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [bb4524dc02fe5ea2ac67295035cdda26], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Ich hoffe soweit passt es für den Anfang, vielen Dank schon mal für die Hilfe!!

LG,
Gin

Zitat:

RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast. Mindestens deine MS-Office-Installation ist geecrackt.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Sehr interessant, Danke für die Info! ...und ich habe mich noch gewundert, was dieser Emulator sei. Das Office Programm hat mir mein Sohn installiert... den KMS Emulator habe ich bereits aus der Quarantäne von MWB gelöscht. Das Office wird wohl ebenso verseucht sein nehme ich an, also werde ich das wohl auch besser entfernen...

Danke!

Wie gesagt, deinstallier alles gecrackte, sonst gehts hier nicht weiter mit der Bereinigung.

Danke, schon deinstalliert!!! Nebenbei, ist OpenOffice eine brauchbare Alternative zu Word? Word ist auch das einzige Programm das ich benutze.. wäre dankbar für einen Tipp, Danke!

LG,
Gin

Ich verwende meistens LibreOffice, auch unter Linux

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
Ich habe Combofix ausgeführt allerdings einen blöden, hoffentlich nicht wesentlichen, Fehler gemacht.(Hab nur deine EMail Nachricht gelesen (da stand bloß Combofix ausführen) und habe nicht ins Forum geschaut...ich Depp!

Wie auch immer, hatte die Office Dateien nur von den Kacheln in Win8 deinstalliert und der Office -Ordner war noch im System...da lief Combofix bereits kurz... habe dann Combofix abgebrochen und die Reste von Office per CCleaner deinstalliert...danach nochmal CF ausgeführt...

Nach Beendigung von CF blieb mein Bildschirm blau (bloß der Hintergrund ohne Windows-Plattform)...konnte nichts mehr machen --> Rechner neu gestartet, jetzt läuft alles normal,
Anmerkung: mein Arbeitsspeicher ist nun "nur mehr" mit 1,9 GB augelastet, also die Hälfte wie zu Beginn
P.S: Danke für den guten LibreOffice Tipp!!



Hier mein

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 14-04-20.01 - Thomas 22.04.2014   9:19.2.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.6025.4932 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-22 bis 2014-04-22  ))))))))))))))))))))))))))))))
.
.
2014-04-22 07:29 . 2014-04-22 07:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-22 06:57 . 2014-04-22 06:57	--------	d-----w-	c:\users\Thomas\AppData\Roaming\GetRightToGo
2014-04-21 14:23 . 2014-04-21 14:23	--------	d-----w-	c:\windows\ERUNT
2014-04-21 14:06 . 2014-04-21 14:11	--------	d-----w-	C:\AdwCleaner
2014-04-21 08:53 . 2014-04-21 08:53	--------	d-----w-	c:\program files (x86)\ETS
2014-04-21 08:52 . 2014-04-21 08:52	--------	d-----w-	c:\users\Thomas\AppData\Local\Downloaded Installations
2014-04-20 07:53 . 2014-04-20 07:53	--------	d-----w-	c:\program files\Recuva
2014-04-20 06:15 . 2014-04-21 20:25	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-20 06:06 . 2014-04-20 06:09	--------	d-----w-	C:\FRST
2014-04-20 06:04 . 2014-04-20 06:04	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 06:04 . 2014-04-20 06:04	--------	d-----w-	c:\programdata\Malwarebytes
2014-04-20 06:04 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-20 06:04 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-20 06:04 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-19 18:46 . 2014-04-14 18:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 07:26 . 2014-01-27 00:31	19752448	----a-w-	c:\windows\system32\shell32.dll
2014-04-11 14:49 . 2014-02-05 23:41	978432	----a-w-	c:\windows\system32\KernelBase.dll
2014-04-11 14:49 . 2014-02-05 23:41	1257984	----a-w-	c:\windows\system32\kernel32.dll
2014-04-11 14:49 . 2014-02-05 23:26	666112	----a-w-	c:\windows\SysWow64\KernelBase.dll
2014-04-07 12:39 . 2014-04-07 12:39	--------	d-----w-	c:\users\Thomas\AppData\Roaming\GMATPrep
2014-04-07 12:38 . 2013-10-21 16:55	71280	----a-w-	c:\windows\SysWow64\nlssrv32.exe
2014-04-07 12:38 . 2014-04-07 12:39	--------	d-----w-	c:\program files (x86)\GMATPrep2012
2014-04-07 08:02 . 2014-04-07 08:02	--------	d-----w-	c:\users\Thomas\AppData\Local\Skype
2014-04-07 08:01 . 2014-04-20 13:24	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Skype
2014-04-07 08:01 . 2014-04-07 08:01	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-04-07 08:01 . 2014-04-07 08:01	--------	d-----r-	c:\program files (x86)\Skype
2014-04-07 08:01 . 2014-04-07 08:01	--------	d-----w-	c:\programdata\Skype
2014-04-04 13:38 . 2007-07-19 16:14	5073256	----a-w-	c:\windows\system32\d3dx9_35.dll
2014-04-04 12:24 . 2014-04-04 12:24	303616	----a-w-	c:\windows\system32\drivers\atksgt.sys
2014-04-04 12:24 . 2014-04-04 12:24	35328	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2014-04-04 12:15 . 2014-04-04 13:42	--------	d-----w-	c:\program files (x86)\Gothic III
2014-04-04 12:13 . 2014-04-04 12:13	303236	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2014-04-04 12:13 . 2014-04-04 12:13	180356	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2014-04-04 12:13 . 2004-07-15 22:20	733184	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2014-04-04 12:13 . 2004-07-15 22:20	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2014-04-04 12:13 . 2004-07-15 22:19	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2014-04-04 12:13 . 2004-07-15 22:18	172032	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2014-04-04 12:13 . 2004-07-15 22:18	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2014-03-31 17:36 . 2014-03-31 17:36	--------	d-----w-	c:\program files\7-Zip
2014-03-25 07:47 . 2014-03-25 07:47	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Kazaa Lite
2014-03-25 07:46 . 1998-06-24 01:00	108336	----a-w-	c:\windows\SysWow64\MSWINSCK.OCX
2014-03-25 07:46 . 2014-04-21 14:55	--------	d-----w-	C:\My Shared Folder
2014-03-25 07:05 . 2014-03-25 07:05	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Apple Computer
2014-03-24 16:50 . 2014-03-24 16:50	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-03-24 16:50 . 2014-03-24 16:50	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-03-24 16:50 . 2014-03-24 16:50	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-03-24 16:50 . 2014-03-24 16:50	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-03-24 16:49 . 2014-03-24 16:49	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2014-03-24 16:49 . 2014-03-24 16:49	--------	d-----w-	c:\users\Thomas\AppData\Local\Apple
2014-03-24 16:49 . 2014-03-24 16:49	--------	d-----w-	c:\programdata\Apple
2014-03-24 16:49 . 2014-03-24 16:49	--------	d-----w-	c:\program files (x86)\Apple Software Update
2014-03-24 15:19 . 2014-03-24 15:19	--------	d-----w-	c:\windows\SysWow64\RTCOM
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-20 21:00 . 2013-06-25 11:01	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-31 21:18 . 2013-10-31 13:03	78296	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 21:18 . 2013-10-31 13:03	694232	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-19 08:28 . 2014-03-19 08:29	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-02-25 10:41 . 2014-03-18 12:06	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-02-25 10:41 . 2014-03-18 12:06	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-02-25 10:41 . 2014-03-18 12:06	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-02-23 08:13 . 2014-03-14 20:44	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2014-02-23 08:13 . 2014-03-14 20:44	2241536	----a-w-	c:\windows\system32\wininet.dll
2014-02-23 08:13 . 2014-03-14 20:44	915968	----a-w-	c:\windows\system32\uxtheme.dll
2014-02-23 08:13 . 2014-03-14 20:44	53760	----a-w-	c:\windows\system32\UXInit.dll
2014-02-23 08:13 . 2014-03-14 20:44	1365504	----a-w-	c:\windows\system32\urlmon.dll
2014-02-23 08:12 . 2014-03-14 20:44	197120	----a-w-	c:\windows\system32\msrating.dll
2014-02-23 08:12 . 2014-03-14 20:45	19273216	----a-w-	c:\windows\system32\mshtml.dll
2014-02-23 08:12 . 2014-03-14 20:44	603136	----a-w-	c:\windows\system32\msfeeds.dll
2014-02-23 08:11 . 2014-03-14 20:44	3960320	----a-w-	c:\windows\system32\jscript9.dll
2014-02-23 08:11 . 2014-03-14 20:44	855552	----a-w-	c:\windows\system32\jscript.dll
2014-02-23 08:11 . 2014-03-14 20:44	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-02-23 08:11 . 2014-03-14 20:44	2648576	----a-w-	c:\windows\system32\iertutil.dll
2014-02-23 08:11 . 2014-03-14 20:44	136704	----a-w-	c:\windows\system32\iesysprep.dll
2014-02-23 08:11 . 2014-03-14 20:44	67072	----a-w-	c:\windows\system32\iesetup.dll
2014-02-23 08:11 . 2014-03-14 20:44	15404032	----a-w-	c:\windows\system32\ieframe.dll
2014-02-23 08:11 . 2014-03-14 20:44	39936	----a-w-	c:\windows\system32\iernonce.dll
2014-02-23 06:54 . 2014-03-14 20:44	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2014-02-23 06:54 . 2014-03-14 20:44	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2014-02-23 06:53 . 2014-03-14 20:44	2877952	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-02-23 06:53 . 2014-03-14 20:44	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-02-23 06:53 . 2014-03-14 20:44	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-02-23 06:35 . 2014-03-14 20:44	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2014-02-23 06:31 . 2014-03-14 20:44	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-02-23 04:06 . 2014-03-14 20:44	534528	----a-w-	c:\windows\SysWow64\uxtheme.dll
2014-02-17 12:30 . 2014-02-27 18:54	1031560	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F38B66E-BE9E-439D-853D-AB2D4305725A}\gapaengine.dll
2014-02-08 04:34 . 2014-03-14 20:45	4036608	----a-w-	c:\windows\system32\win32k.sys
2014-02-06 09:01 . 2014-03-17 15:06	10536864	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E85A57F-0826-4C62-89EC-6C3D54634715}\mpengine.dll
2014-02-05 23:41 . 2014-03-14 20:43	595968	----a-w-	c:\windows\system32\qedit.dll
2014-02-05 23:37 . 2014-03-14 20:43	496640	----a-w-	c:\windows\SysWow64\qedit.dll
2014-01-31 00:48 . 2014-03-14 20:43	1339392	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-01-31 00:06 . 2014-03-14 20:43	1628160	----a-w-	c:\windows\system32\WindowsCodecs.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-08-01 155488]
"TPUReg"="c:\program files (x86)\TOSHIBA\Password Utility\TosPU.exe" [2012-08-23 6884352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2014-01-17 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 RTL8192Ce;Treiber für Realtek Wireless LAN 802.11n PCI-E NIC;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 TemproMonitoringService;TEMPRO Service;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\System32\drivers\tos_sps64.sys;c:\windows\SYSNATIVE\drivers\tos_sps64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe;c:\program files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsx86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys;c:\program files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\Teco\TecoService.exe;c:\program files\TOSHIBA\Teco\TecoService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-25 06:40]
.
2013-10-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796240173-509024344-3822763771-1001Core.job
- c:\users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-11 18:03]
.
2013-10-31 c:\windows\Tasks\Synaptics TouchPad Enhancements.job
- c:\program files\Synaptics\SynTP\SynTPEnh.exe [2012-08-18 21:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TODDMain"="c:\program files (x86)\TOSHIBA\System Setting\TODDMain.exe" [2012-08-04 213136]
"TecoResident"="c:\program files\TOSHIBA\Teco\TecoResident.exe" [2012-08-14 169896]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-07-27 2170784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-06 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-06 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-06 442328]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-09-27 13196432]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba13.msn.com
mDefault_Page_URL = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS - Deutsch
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/deu/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Free YouTube Download_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3796240173-509024344-3822763771-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-04-22  09:34:50
ComboFix-quarantined-files.txt  2014-04-22 07:34
.
Vor Suchlauf: 14 Verzeichnis(se), 434.407.538.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 434.107.244.544 Bytes frei
.
- - End Of File - - F36DB6A7873A6C6562963F50C383F668
         

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.103 - Bericht erstellt am 22/04/2014 um 10:37:49
# Aktualisiert 21/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Thomas - TOSHIBA-TH
# Gestartet von : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2581 octets] - [21/04/2014 16:06:13]
AdwCleaner[R1].txt - [893 octets] - [22/04/2014 10:33:27]
AdwCleaner[S0].txt - [2389 octets] - [21/04/2014 16:11:27]
AdwCleaner[S1].txt - [815 octets] - [22/04/2014 10:37:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [874 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Thomas on 22.04.2014 at 10:43:26,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Thomas\AppData\Roaming\getrighttogo"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2014 at 10:54:15,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Thomas (administrator) on TOSHIBA-TH on 22-04-2014 10:58:23
Running from C:\Users\Thomas\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\nlssrv32.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-18] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {5640B88D-60D1-435C-B24C-02FACBE4F49E} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: https://startpage.com/deu/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-24]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\dtmzryah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-27] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-04-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-04-04] ()
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 10:56 - 2014-04-22 10:58 - 00012613 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-04-22 10:56 - 2014-04-22 10:56 - 00000000 ____D () C:\Users\Thomas\Desktop\FRST-OlderVersion
2014-04-22 10:54 - 2014-04-22 10:54 - 00000694 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-04-22 10:41 - 2014-04-22 10:41 - 00000953 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S1].txt
2014-04-22 10:17 - 2014-04-22 10:17 - 00000000 ____D () C:\Users\Thomas\Desktop\MBA
2014-04-22 10:13 - 2014-04-22 10:13 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-22 10:12 - 2014-04-22 10:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\LibreOffice
2014-04-22 10:08 - 2014-04-22 10:08 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-22 10:06 - 2014-04-22 10:08 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-04-22 10:03 - 2014-04-22 10:04 - 220860416 _____ () C:\Users\Thomas\Downloads\LibreOffice_4.2.3_Win_x86.msi
2014-04-22 09:34 - 2014-04-22 09:34 - 00018188 _____ () C:\ComboFix.txt
2014-04-22 09:16 - 2014-04-22 09:40 - 00001338 _____ () C:\windows\PFRO.log
2014-04-22 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-22 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-22 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-22 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-22 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-22 09:00 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-04-22 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-22 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-22 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-22 08:59 - 2014-04-22 09:34 - 00000000 ____D () C:\Qoobox
2014-04-22 08:59 - 2014-04-22 09:31 - 00000000 ____D () C:\windows\erdnt
2014-04-22 08:58 - 2014-04-22 08:58 - 05196870 ____R (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe
2014-04-22 08:57 - 2014-04-22 08:57 - 00368256 _____ (RegNow.com) C:\Users\Thomas\Downloads\Download_MaxSDDMnew.exe
2014-04-21 21:54 - 2014-04-22 10:50 - 00056841 _____ () C:\windows\WindowsUpdate.log
2014-04-21 18:59 - 2014-04-21 18:59 - 03710504 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup412_slim.exe
2014-04-21 16:40 - 2014-04-21 16:40 - 54662896 _____ (Graduate Management Admission Council (GMAC)) C:\Users\Thomas\Downloads\GMATPrep-2.2.317-Windows.exe
2014-04-21 16:23 - 2014-04-21 16:23 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 16:06 - 2014-04-22 10:37 - 00000000 ____D () C:\AdwCleaner
2014-04-21 16:05 - 2014-04-21 16:05 - 01016261 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2014-04-21 14:42 - 2014-04-21 14:42 - 34763504 _____ (DVDVideoSoft Ltd. ) C:\Users\Thomas\Downloads\FreeYouTubeToMP3Converter.exe
2014-04-21 10:53 - 2014-04-21 10:53 - 00000000 ____D () C:\Program Files (x86)\ETS
2014-04-21 10:52 - 2014-04-21 10:52 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Downloaded Installations
2014-04-20 15:11 - 2014-04-20 15:12 - 00000000 ____D () C:\Users\Thomas\Desktop\Ostern2014
2014-04-20 10:12 - 2014-04-22 10:32 - 01324843 _____ () C:\Users\Thomas\Desktop\adwcleaner.exe
2014-04-20 09:53 - 2014-04-20 09:53 - 00000000 ____D () C:\Program Files\Recuva
2014-04-20 09:52 - 2014-04-20 09:52 - 03161056 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\rcsetup151_slim.exe
2014-04-20 08:15 - 2014-04-21 22:25 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 08:15 - 2014-04-20 08:15 - 00007609 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
2014-04-20 08:08 - 2014-04-20 08:09 - 00026374 _____ () C:\Users\Thomas\Downloads\Addition.txt
2014-04-20 08:06 - 2014-04-22 10:58 - 00000000 ____D () C:\FRST
2014-04-20 08:06 - 2014-04-20 08:09 - 00047955 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-04-20 08:05 - 2014-04-22 10:56 - 02061312 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 08:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-20 08:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-20 08:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-20 07:47 - 2014-04-20 07:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 20:46 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-19 20:46 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-19 20:46 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-19 20:46 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-19 20:36 - 2014-04-19 20:36 - 00089204 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890034.zip
2014-04-19 20:31 - 2014-04-19 20:31 - 00049572 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890089.zip
2014-04-13 15:15 - 2014-04-20 10:07 - 00000000 ____D () C:\Users\Thomas\Desktop\DUBAI 2014
2014-04-12 09:26 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-04-12 09:26 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-04-12 09:25 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 09:25 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 09:25 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-12 09:25 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-12 09:25 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-04-12 09:25 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 09:25 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:25 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-12 09:25 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-04-12 09:25 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:25 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-04-12 09:25 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 09:25 - 2014-01-27 01:17 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-04-12 09:25 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-04-12 09:25 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 09:25 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 09:25 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 09:25 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-04-12 09:01 - 2014-04-12 09:01 - 00001407 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-04-11 16:49 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-11 16:49 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-11 16:49 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-04-11 16:49 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-11 10:10 - 2014-04-11 10:11 - 75647482 _____ (ETS) C:\Users\Thomas\Downloads\toeflSample.exe
2014-04-07 14:39 - 2014-04-07 14:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GMATPrep
2014-04-07 14:38 - 2014-04-09 11:00 - 00000000 ____D () C:\Users\Thomas\Desktop\GMAT
2014-04-07 14:38 - 2014-04-07 14:39 - 00000000 ____D () C:\Program Files (x86)\GMATPrep2012
2014-04-07 14:38 - 2013-10-21 18:55 - 00071280 _____ (Nalpeiron Ltd.) C:\windows\SysWOW64\nlssrv32.exe
2014-04-07 10:02 - 2014-04-07 10:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype
2014-04-07 10:01 - 2014-04-20 15:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ____D () C:\ProgramData\Skype
2014-04-04 15:40 - 2014-04-19 18:19 - 00000000 ____D () C:\Users\Thomas\Documents\Gothic3
2014-04-04 15:39 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-04-04 15:39 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2014-04-04 15:39 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2014-04-04 15:39 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2014-04-04 15:39 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_3.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2014-04-04 15:39 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2014-04-04 15:39 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2014-04-04 15:39 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_41.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2014-04-04 15:39 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2014-04-04 15:39 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2014-04-04 15:39 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2014-04-04 15:39 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2014-04-04 15:39 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2014-04-04 15:39 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2014-04-04 15:39 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2014-04-04 15:39 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2014-04-04 15:39 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2014-04-04 15:39 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2014-04-04 15:39 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2014-04-04 15:39 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2014-04-04 15:39 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2014-04-04 15:39 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2014-04-04 15:39 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2014-04-04 15:39 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2014-04-04 15:39 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2014-04-04 15:39 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2014-04-04 15:39 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2014-04-04 15:39 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2014-04-04 15:39 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2014-04-04 15:39 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2014-04-04 15:39 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2014-04-04 15:39 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2014-04-04 15:39 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2014-04-04 15:39 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2014-04-04 15:39 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2014-04-04 15:39 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2014-04-04 15:39 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2014-04-04 15:39 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2014-04-04 15:39 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2014-04-04 15:39 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2014-04-04 15:39 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2014-04-04 15:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2014-04-04 15:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2014-04-04 15:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2014-04-04 15:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll
2014-04-04 15:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2014-04-04 15:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2014-04-04 15:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2014-04-04 15:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2014-04-04 15:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2014-04-04 15:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2014-04-04 15:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2014-04-04 15:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2014-04-04 15:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2014-04-04 15:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2014-04-04 15:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2014-04-04 15:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2014-04-04 15:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2014-04-04 15:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2014-04-04 15:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2014-04-04 15:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2014-04-04 15:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2014-04-04 15:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2014-04-04 15:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2014-04-04 15:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2014-04-04 15:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2014-04-04 15:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2014-04-04 15:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2014-04-04 15:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2014-04-04 15:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2014-04-04 15:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2014-04-04 15:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2014-04-04 15:38 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2014-04-04 15:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2014-04-04 15:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2014-04-04 15:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2014-04-04 15:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2014-04-04 15:38 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2014-04-04 15:38 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2014-04-04 15:38 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2014-04-04 15:38 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2014-04-04 15:38 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2014-04-04 15:38 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2014-04-04 15:38 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2014-04-04 15:38 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2014-04-04 15:38 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2014-04-04 15:38 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2014-04-04 15:38 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2014-04-04 15:38 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2014-04-04 15:38 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2014-04-04 14:33 - 2014-04-04 14:33 - 00001919 _____ () C:\Users\Public\Desktop\G III.lnk
2014-04-04 14:24 - 2014-04-04 14:24 - 00303616 _____ () C:\windows\system32\Drivers\atksgt.sys
2014-04-04 14:24 - 2014-04-04 14:24 - 00035328 _____ () C:\windows\system32\Drivers\lirsgt.sys
2014-04-04 14:15 - 2014-04-04 15:42 - 00000000 ____D () C:\Program Files (x86)\Gothic III
2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-25 09:47 - 2014-03-25 09:47 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Kazaa Lite
2014-03-25 09:46 - 2014-04-21 16:55 - 00000000 ____D () C:\My Shared Folder
2014-03-25 09:46 - 1998-06-24 03:00 - 00108336 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSWINSCK.OCX
2014-03-25 09:05 - 2014-03-25 09:05 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Apple Computer
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\ProgramData\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-24 17:22 - 2014-04-22 10:38 - 00474816 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-24 17:19 - 2014-03-24 17:19 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-24 13:59 - 2014-03-25 11:37 - 00000000 ____D () C:\Users\Thomas\Desktop\TOEFL

==================== One Month Modified Files and Folders =======

2014-04-22 10:58 - 2014-04-22 10:56 - 00012613 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-04-22 10:58 - 2014-04-20 08:06 - 00000000 ____D () C:\FRST
2014-04-22 10:56 - 2014-04-22 10:56 - 00000000 ____D () C:\Users\Thomas\Desktop\FRST-OlderVersion
2014-04-22 10:56 - 2014-04-20 08:05 - 02061312 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2014-04-22 10:54 - 2014-04-22 10:54 - 00000694 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-04-22 10:50 - 2014-04-21 21:54 - 00056841 _____ () C:\windows\WindowsUpdate.log
2014-04-22 10:44 - 2012-08-01 18:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-04-22 10:44 - 2012-08-01 18:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-04-22 10:44 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-22 10:44 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-22 10:41 - 2014-04-22 10:41 - 00000953 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S1].txt
2014-04-22 10:38 - 2014-03-24 17:22 - 00474816 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-22 10:37 - 2014-04-21 16:06 - 00000000 ____D () C:\AdwCleaner
2014-04-22 10:33 - 2013-06-25 11:35 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Winamp
2014-04-22 10:32 - 2014-04-20 10:12 - 01324843 _____ () C:\Users\Thomas\Desktop\adwcleaner.exe
2014-04-22 10:17 - 2014-04-22 10:17 - 00000000 ____D () C:\Users\Thomas\Desktop\MBA
2014-04-22 10:13 - 2014-04-22 10:13 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-22 10:12 - 2014-04-22 10:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\LibreOffice
2014-04-22 10:08 - 2014-04-22 10:08 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-04-22 10:08 - 2014-04-22 10:06 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-04-22 10:04 - 2014-04-22 10:03 - 220860416 _____ () C:\Users\Thomas\Downloads\LibreOffice_4.2.3_Win_x86.msi
2014-04-22 09:40 - 2014-04-22 09:16 - 00001338 _____ () C:\windows\PFRO.log
2014-04-22 09:34 - 2014-04-22 09:34 - 00018188 _____ () C:\ComboFix.txt
2014-04-22 09:34 - 2014-04-22 08:59 - 00000000 ____D () C:\Qoobox
2014-04-22 09:31 - 2014-04-22 08:59 - 00000000 ____D () C:\windows\erdnt
2014-04-22 09:29 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-04-22 09:10 - 2013-08-16 14:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-22 09:09 - 2012-07-26 09:52 - 00000000 ____D () C:\windows\ShellNew
2014-04-22 09:09 - 2012-07-26 07:26 - 00000143 _____ () C:\windows\win.ini
2014-04-22 09:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-22 08:58 - 2014-04-22 08:58 - 05196870 ____R (Swearware) C:\Users\Thomas\Downloads\ComboFix.exe
2014-04-22 08:57 - 2014-04-22 08:57 - 00368256 _____ (RegNow.com) C:\Users\Thomas\Downloads\Download_MaxSDDMnew.exe
2014-04-21 22:25 - 2014-04-20 08:15 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 22:13 - 2013-08-08 20:23 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Azureus
2014-04-21 18:59 - 2014-04-21 18:59 - 03710504 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup412_slim.exe
2014-04-21 18:11 - 2014-01-05 22:21 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-04-21 16:55 - 2014-03-25 09:46 - 00000000 ____D () C:\My Shared Folder
2014-04-21 16:40 - 2014-04-21 16:40 - 54662896 _____ (Graduate Management Admission Council (GMAC)) C:\Users\Thomas\Downloads\GMATPrep-2.2.317-Windows.exe
2014-04-21 16:23 - 2014-04-21 16:23 - 00000000 ____D () C:\windows\ERUNT
2014-04-21 16:05 - 2014-04-21 16:05 - 01016261 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2014-04-21 14:42 - 2014-04-21 14:42 - 34763504 _____ (DVDVideoSoft Ltd. ) C:\Users\Thomas\Downloads\FreeYouTubeToMP3Converter.exe
2014-04-21 10:54 - 2013-06-25 13:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Macromedia
2014-04-21 10:53 - 2014-04-21 10:53 - 00000000 ____D () C:\Program Files (x86)\ETS
2014-04-21 10:52 - 2014-04-21 10:52 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Downloaded Installations
2014-04-21 00:10 - 2013-06-25 09:40 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 00:10 - 2013-06-25 09:40 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-21 00:07 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-21 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-21 00:07 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-21 00:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-21 00:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-21 00:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-21 00:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-20 23:03 - 2013-08-12 11:52 - 00000000 ____D () C:\windows\system32\MRT
2014-04-20 23:00 - 2013-06-25 13:01 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-20 15:24 - 2014-04-07 10:01 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-04-20 15:12 - 2014-04-20 15:11 - 00000000 ____D () C:\Users\Thomas\Desktop\Ostern2014
2014-04-20 10:07 - 2014-04-13 15:15 - 00000000 ____D () C:\Users\Thomas\Desktop\DUBAI 2014
2014-04-20 10:03 - 2013-06-25 09:38 - 00000000 ____D () C:\Users\Thomas
2014-04-20 09:53 - 2014-04-20 09:53 - 00000000 ____D () C:\Program Files\Recuva
2014-04-20 09:52 - 2014-04-20 09:52 - 03161056 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\rcsetup151_slim.exe
2014-04-20 09:48 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\Web
2014-04-20 08:15 - 2014-04-20 08:15 - 00007609 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
2014-04-20 08:09 - 2014-04-20 08:08 - 00026374 _____ () C:\Users\Thomas\Downloads\Addition.txt
2014-04-20 08:09 - 2014-04-20 08:06 - 00047955 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 08:04 - 2014-04-20 08:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 07:49 - 2014-04-20 07:47 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 20:46 - 2013-12-17 10:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-19 20:46 - 2013-12-16 23:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-19 20:36 - 2014-04-19 20:36 - 00089204 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890034.zip
2014-04-19 20:31 - 2014-04-19 20:31 - 00049572 _____ () C:\Users\Thomas\Downloads\the-hobbit-the-desolation-of-smaug_german-890089.zip
2014-04-19 18:19 - 2014-04-04 15:40 - 00000000 ____D () C:\Users\Thomas\Documents\Gothic3
2014-04-18 12:53 - 2013-06-29 14:16 - 00000000 ____D () C:\Users\Thomas\Documents\Lebenslauf
2014-04-17 08:12 - 2013-07-08 23:14 - 00000000 ____D () C:\Users\Thomas\Documents\Uni
2014-04-14 21:19 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-04-14 20:13 - 2014-04-19 20:46 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-19 20:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-19 20:46 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-19 20:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-12 09:01 - 2014-04-12 09:01 - 00001407 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-04-11 16:45 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-11 10:11 - 2014-04-11 10:10 - 75647482 _____ (ETS) C:\Users\Thomas\Downloads\toeflSample.exe
2014-04-09 11:00 - 2014-04-07 14:38 - 00000000 ____D () C:\Users\Thomas\Desktop\GMAT
2014-04-07 14:39 - 2014-04-07 14:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GMATPrep
2014-04-07 14:39 - 2014-04-07 14:38 - 00000000 ____D () C:\Program Files (x86)\GMATPrep2012
2014-04-07 10:04 - 2013-06-25 09:39 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Packages
2014-04-07 10:02 - 2014-04-07 10:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-07 10:01 - 2014-04-07 10:01 - 00000000 ____D () C:\ProgramData\Skype
2014-04-05 15:57 - 2013-06-26 14:13 - 00000000 ____D () C:\Users\Thomas\Desktop\Eigene Dateien
2014-04-04 15:42 - 2014-04-04 14:15 - 00000000 ____D () C:\Program Files (x86)\Gothic III
2014-04-04 14:33 - 2014-04-04 14:33 - 00001919 _____ () C:\Users\Public\Desktop\G III.lnk
2014-04-04 14:24 - 2014-04-04 14:24 - 00303616 _____ () C:\windows\system32\Drivers\atksgt.sys
2014-04-04 14:24 - 2014-04-04 14:24 - 00035328 _____ () C:\windows\system32\Drivers\lirsgt.sys
2014-04-04 14:15 - 2012-09-10 22:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-03 09:51 - 2014-04-20 08:04 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 08:04 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 08:04 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-02 22:30 - 2013-08-08 20:23 - 00000000 ____D () C:\Program Files\Vuze
2014-03-31 23:18 - 2013-10-31 15:03 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-10-31 15:03 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-28 14:24 - 2013-11-29 11:37 - 00000000 ____D () C:\Program Files (x86)\Jowood
2014-03-26 22:55 - 2014-03-21 13:38 - 00000000 ____D () C:\Users\Thomas\Documents\Eigene Scans
2014-03-25 11:37 - 2014-03-24 13:59 - 00000000 ____D () C:\Users\Thomas\Desktop\TOEFL
2014-03-25 09:47 - 2014-03-25 09:47 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Kazaa Lite
2014-03-25 09:05 - 2014-03-25 09:05 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Apple Computer
2014-03-24 18:50 - 2013-08-15 14:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-24 18:50 - 2013-08-15 14:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime Alternative
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\ProgramData\Apple
2014-03-24 18:49 - 2014-03-24 18:49 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-24 17:19 - 2014-03-24 17:19 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-24 17:11 - 2013-06-25 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 14:07 - 2013-06-25 10:07 - 00000000 ____D () C:\Program Files\CCleaner

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-09 17:32

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Thomas at 2014-04-22 10:58:58
Running from C:\Users\Thomas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4500_G510gm_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GMATPrep (HKLM-x32\...\GMATPrep 2.2.317) (Version: 2.2.317 - Graduate Management Admission Council (GMAC))
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Guild 2 King's Edition (HKLM-x32\...\{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}) (Version: 1.0.0 - JoWood)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibreOffice 4.2.3.3 (HKLM-x32\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
resident evil 4 (HKLM-x32\...\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}) (Version: 1.00.0000 - CAPCOM)
Resident Evil 4 version 2.20.17 HD (HKLM-x32\...\{0BD97EC6-047D-4727-B10A-9E21781D17DE}_is1) (Version: 2.20.17 HD - CAPCOM)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOEFL Sample Questions (HKLM-x32\...\{A8E9FAEE-4AC2-4A38-99D9-55D1F26F8163}) (Version: 4.00.0000 - ETS)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.0.0.0 - Azureus Software, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
x64 Components v4.1.8 (HKLM\...\Advanced x64Components_is1) (Version: 4.1.8 - Shark007)

==================== Restore Points  =========================

01-03-2014 17:15:20 Installed Microsoft Office Professional 2010 Trial
18-03-2014 10:09:11 Removed TOSHIBA VIDEO PLAYER.
24-03-2014 15:01:49 Windows Update
31-03-2014 17:35:47 Installed 7-Zip 9.20 (x64 edition)
04-04-2014 12:14:48 Installiert Gothic III
19-04-2014 18:44:37 Installed Java 7 Update 55
21-04-2014 08:53:06 Installed TOEFL Sample Questions.

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0767AEBA-D75D-45E3-B387-5E46AD0ABEEE} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe
Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {0EADE707-5B88-4398-9B88-53036E966FC7} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3162A109-3C6A-4CC2-BB6B-CEF86286FC1E} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {76B1C7D4-799F-47A4-8159-EEDCD9FF2093} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-18] (Synaptics Incorporated)
Task: {7A057D3E-4F0E-484E-A161-90D88E6E9641} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
Task: {851D831B-42E9-4A3C-BB3B-490F82750480} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16] (Adobe Systems Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AFFF97FE-E4FB-4652-95B3-CC6E3B363C83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {B2AC3F5C-C134-48B6-B1A8-FF13A8095AFE} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe
Task: {C2D9965A-1AB9-4B54-980E-412582C670AB} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3796240173-509024344-3822763771-1001Core.job => C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2011-10-14 00:38 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 04:38 - 2012-07-19 04:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 05:13 - 2012-08-14 05:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2012-08-06 06:36 - 2012-08-06 06:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-18 14:06 - 2014-02-25 12:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-27 19:18 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-16 17:46 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 10:59:17 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:59:17Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:58:47 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:58:47Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:58:17 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:58:17Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:57:47 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:57:47Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:57:17 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:57:17Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:56:47 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:56:47Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:56:17 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:56:17Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:55:47 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:55:47Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:55:17 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:55:17Z. Fehlercode: 0x80040154.

Error: (04/22/2014 10:54:47 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-03-29T08:54:47Z. Fehlercode: 0x80040154.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/22/2014 10:59:17 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:59:17Z

Error: (04/22/2014 10:58:47 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:58:47Z

Error: (04/22/2014 10:58:17 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:58:17Z

Error: (04/22/2014 10:57:47 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:57:47Z

Error: (04/22/2014 10:57:17 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:57:17Z

Error: (04/22/2014 10:56:47 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:56:47Z

Error: (04/22/2014 10:56:17 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:56:17Z

Error: (04/22/2014 10:55:47 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:55:47Z

Error: (04/22/2014 10:55:17 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:55:17Z

Error: (04/22/2014 10:54:47 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542114-03-29T08:54:47Z


CodeIntegrity Errors:
===================================
  Date: 2014-04-22 10:39:13.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 10:39:13.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 09:40:56.793
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 09:40:56.606
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 09:16:15.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-22 09:16:15.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 16:18:45.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 16:18:45.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 00:09:13.584
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-21 00:09:12.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 6025.22 MB
Available physical RAM: 4564.34 MB
Total Pagefile: 8073.22 MB
Available Pagefile: 6606.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI30992300A) (Fixed) (Total:590.51 GB) (Free:403.55 GB) NTFS
Drive z: (Volume) (Fixed) (Total:97.66 GB) (Free:71.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Besten Dank!!

Anmerkung: RAM-Auslastung ist nun nochmals runter von 1,9 auf 1 GB!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKLM-x32\...\Run: [] => [X]
Task: {0EADE707-5B88-4398-9B88-53036E966FC7} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {3162A109-3C6A-4CC2-BB6B-CEF86286FC1E} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
C:\Windows\KMSEmulator.exe
C:\windows\AutoKMS.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Thomas at 2014-04-22 11:38:15 Run:1
Running from C:\Users\Thomas\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
Task: {0EADE707-5B88-4398-9B88-53036E966FC7} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {3162A109-3C6A-4CC2-BB6B-CEF86286FC1E} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
C:\Windows\KMSEmulator.exe
C:\windows\AutoKMS.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EADE707-5B88-4398-9B88-53036E966FC7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EADE707-5B88-4398-9B88-53036E966FC7} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMSDaily => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3162A109-3C6A-4CC2-BB6B-CEF86286FC1E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3162A109-3C6A-4CC2-BB6B-CEF86286FC1E} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key deleted successfully.
"C:\Windows\KMSEmulator.exe" => File/Directory not found.
"C:\windows\AutoKMS.exe" => File/Directory not found.

==== End of Fixlog ====
         

Vielen Dank für deine rasche Unterstützung! TOP!!

Okay, dann bitte Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.04.2014
Suchlauf-Zeit: 13:46:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.22.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 261515
Verstrichene Zeit: 41 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=637f9225bb990f4eb0a57979ad53fa22
# engine=17976
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-22 02:33:20
# local_time=2014-04-22 04:33:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 94 27769 4855936 20537 0
# compatibility_mode=5893 16776574 100 94 145588 15523129 0 0
# scanned=224676
# found=0
# cleaned=0
# scan_time=6774
         

Ich wollte noch ergänzend fragen, ob es denn als " normal" angesehen werden kann, das svchost.exe 13x zugleich ausgeführt wird wenn ich im Taskmanager nachsehe...

Danke schon mal für die Antwort darauf!

LG,
Gin