Bitdefender meldet nach jeden Firefox öffnen virtualcloudnow.com Malware

Sonic13 · 21.04.2015, 12:37

Hallo liebes Board,

seit 3 Tagen meldet Bitdefender nach jedem öffnen von Firefox, daß die Webseite hxxp://bw9210.virtualcloudnow.com mit Malware infiziert ist und vom Malware-Filter blockiert wurde und mein PC wieder sicher sei. Es kommen 3 Meldungen die alle mit bw9210.virtualcloudnow.com beginnen.
Scans mit Malwarebytes und Bitdefender haben keine Ergebnis von (weiterer) Malware oder Viren etc. erbracht. Scans kann ich gerne posten.

der AdwareCleaner-Scan brachte folgendes:

Code:

ATTFilter

# AdwCleaner v4.201 - Bericht erstellt 20/04/2015 um 23:19:27
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-20.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : XXXX - XXXX-PC
# Gestarted von : C:\Users\XXX\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\XXX\AppData\Roaming\pdfforge

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 de)

[v0lyuz82.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "ixquick.com");

*************************

AdwCleaner[R0].txt - [1271 Bytes] - [20/04/2015 23:16:58]
AdwCleaner[S0].txt - [1200 Bytes] - [20/04/2015 23:19:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1259  Bytes] ##########

Ich nutze als Suchmaschine ix-quick.com. Diese ist nun aus Firefox nach dem Adware-Cleaner Scan entfernt worden. Außerdem ist das Symbol von Mircosoft Word verschwundenund durch das weiße Textsymbol ersetzt worden. Word läßt sich öffnen aber keine Dokumente im Hauptlaufwerk mehr speichern. Die Internet-Suche nach bzw. was Virtualcloudnow.com ist, brachte mir nur einen englischen Text den ich bei Bedarf posten kann. Was ich mit meinem bescheidenen Englisch da lesen konnte, war das laut des Schreibers Virtualcloud was mit den Addons in Firefox zu tun hat. Für die Quellenangabe müßte ich eine Suchmaschine wieder einrichten. Daraufhin habe ich außer Adblocker, Ghostery und no script alle Addons erstmal deaktiviert bzw. gelöscht. Doch die Meldungen tauchen weiterhin auf. Muß ich Firefox jetzt deinstallieren?

Viele Dank für Eure Hilfe.

Grüße

Sonic

schrauber · 21.04.2015, 12:40

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Sonic13 · 21.04.2015, 12:57

Hi Schrauber,
danke für die schnelle Antwort. Hier nun die Scans

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by XXX (administrator) on XXX-PC on 21-04-2015 13:50:11
Running from C:\Users\XXX\Downloads
Loaded Profiles: XXX (Available profiles: XXX)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13631704 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-06] (Bitdefender)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-17] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824867406-694797547-1926319732-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF Extension: Ghostery - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\firefox@ghostery.com.xpi [2015-04-21]
FF Extension: {66740287-d43f-4f7d-9a7e-d71d506065dd} - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\{66740287-d43f-4f7d-9a7e-d71d506065dd}.xpi [2014-12-04]
FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-20]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-20]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-06] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-06] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 ZY760_64; C:\Windows\System32\DRIVERS\WlanUZ64.SYS [493696 2006-03-20] (ZyDAS Technology Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 13:50 - 2015-04-21 13:50 - 00012751 _____ () C:\Users\Michael\Downloads\FRST.txt
2015-04-21 13:49 - 2015-04-21 13:50 - 00000000 ____D () C:\FRST
2015-04-21 13:48 - 2015-04-21 13:48 - 02099712 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2015-04-21 12:47 - 2015-04-21 12:47 - 00002703 _____ () C:\Users\Michael\Desktop\Microsoft Office Word 2003.lnk
2015-04-20 23:21 - 2015-04-21 12:17 - 00000168 _____ () C:\Windows\setupact.log
2015-04-20 23:21 - 2015-04-20 23:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-20 23:20 - 2015-04-20 23:20 - 00000774 _____ () C:\Windows\PFRO.log
2015-04-20 23:16 - 2015-04-20 23:23 - 00000000 ____D () C:\AdwCleaner
2015-04-20 23:15 - 2015-04-20 23:15 - 02217984 _____ () C:\Users\Michael\Downloads\AdwCleaner_4.201.exe
2015-04-20 22:39 - 2015-04-20 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 21:53 - 2015-04-20 22:08 - 336723312 _____ () C:\Users\Michael\Downloads\2013_chicago_pro_backstage3.wmv
2015-04-20 21:53 - 2015-04-20 22:07 - 254011102 _____ () C:\Users\Michael\Downloads\2013_chicago_pro_backstage2.wmv
2015-04-20 21:53 - 2015-04-20 22:05 - 192198051 _____ () C:\Users\Michael\Downloads\2013_chicago_pro_backstage1.wmv
2015-04-20 21:45 - 2015-04-20 22:05 - 329573362 _____ () C:\Users\Michael\Downloads\julie_bourassa_closeups_pecs_arms1.wmv
2015-04-20 21:45 - 2015-04-20 21:59 - 244119515 _____ () C:\Users\Michael\Downloads\julie_bourassa_massive_muscle_legs1.wmv
2015-04-20 21:45 - 2015-04-20 21:55 - 229733363 _____ () C:\Users\Michael\Downloads\julie_bourassa_behindscenes1.wmv
2015-04-20 21:36 - 2015-04-20 21:41 - 92014325 _____ () C:\Users\Michael\Downloads\julie_bourassa26.wmv
2015-04-20 21:36 - 2015-04-20 21:41 - 112358475 _____ () C:\Users\Michael\Downloads\julie_bourassa25.wmv
2015-04-20 21:36 - 2015-04-20 21:41 - 106452474 _____ () C:\Users\Michael\Downloads\julie_bourassa_most_musculars_big_back1.wmv
2015-04-20 21:27 - 2015-04-20 21:48 - 416639940 _____ () C:\Users\Michael\Downloads\irene_andersen_nordic_muscle_queen_upclose1.wmv
2015-04-20 21:27 - 2015-04-20 21:34 - 193209016 _____ () C:\Users\Michael\Downloads\irene_andersen_closeups_veins_abs_legs1.wmv
2015-04-20 21:22 - 2015-04-20 21:28 - 186680307 _____ () C:\Users\Michael\Downloads\irene_andersen_upper_body_closeups1.wmv
2015-04-20 21:21 - 2015-04-20 21:31 - 293465303 _____ () C:\Users\Michael\Downloads\irene_andersen_nordic_muscle_queen1.wmv
2015-04-20 21:18 - 2015-04-20 21:24 - 153494791 _____ () C:\Users\Michael\Downloads\kashma_maharaj14.wmv
2015-04-20 21:18 - 2015-04-20 21:21 - 102446401 _____ () C:\Users\Michael\Downloads\kashma_maharaj13.wmv
2015-04-20 21:13 - 2015-04-20 21:19 - 106814437 _____ () C:\Users\Michael\Downloads\kashma_maharaj15.wmv
2015-04-20 21:12 - 2015-04-20 21:19 - 117926521 _____ () C:\Users\Michael\Downloads\kashma_maharaj17.wmv
2015-04-20 21:12 - 2015-04-20 21:18 - 133990641 _____ () C:\Users\Michael\Downloads\kashma_maharaj18.wmv
2015-04-20 21:12 - 2015-04-20 21:16 - 79998233 _____ () C:\Users\Michael\Downloads\kashma_maharaj16.wmv
2015-04-20 21:06 - 2015-04-20 21:13 - 147878743 _____ () C:\Users\Michael\Downloads\kashma_maharaj21.wmv
2015-04-20 21:06 - 2015-04-20 21:13 - 122166551 _____ () C:\Users\Michael\Downloads\kashma_maharaj20.wmv
2015-04-20 21:06 - 2015-04-20 21:12 - 120310539 _____ () C:\Users\Michael\Downloads\kashma_maharaj19.wmv
2015-04-20 21:06 - 2015-04-20 21:11 - 106662431 _____ () C:\Users\Michael\Downloads\kashma_maharaj22.wmv
2015-04-20 20:59 - 2015-04-20 21:04 - 135678655 _____ () C:\Users\Michael\Downloads\kashma_maharaj24.wmv
2015-04-20 20:59 - 2015-04-20 21:03 - 96374355 _____ () C:\Users\Michael\Downloads\kashma_maharaj23.wmv
2015-04-20 20:53 - 2015-04-20 21:05 - 292151909 _____ () C:\Users\Michael\Downloads\kashma_maharaj_legs_and_feet1.wmv
2015-04-20 20:53 - 2015-04-20 20:59 - 129288784 _____ () C:\Users\Michael\Downloads\kashma_maharaj_mighty_muscles1.wmv
2015-04-20 20:53 - 2015-04-20 20:58 - 105198496 _____ () C:\Users\Michael\Downloads\kashma_maharaj_incredible_mass1.wmv
2015-04-20 20:46 - 2015-04-20 20:55 - 170946666 _____ () C:\Users\Michael\Downloads\kashma_maharaj_massive_legs1.mp4
2015-04-20 20:40 - 2015-04-20 20:55 - 257622105 _____ () C:\Users\Michael\Downloads\kashma_samantha_arms_forearms_comparisons1.mp4
2015-04-20 20:40 - 2015-04-20 20:53 - 228256848 _____ () C:\Users\Michael\Downloads\kashma_maharaj_massive_luscious_muscle1.mp4
2015-04-20 20:40 - 2015-04-20 20:52 - 170368225 _____ () C:\Users\Michael\Downloads\kashma_samantha_LC1.mp4
2015-04-20 20:34 - 2015-04-20 20:46 - 211431773 _____ () C:\Users\Michael\Downloads\2013_tampa_pro_backstage_physique1.mp4
2015-04-20 20:34 - 2015-04-20 20:43 - 153583864 _____ () C:\Users\Michael\Downloads\2013_tampa_pro_backstage1.wmv
2015-04-20 20:34 - 2015-04-20 20:40 - 96437582 _____ () C:\Users\Michael\Downloads\2013_tampa_pro_backstage3.wmv
2015-04-20 20:34 - 2015-04-20 20:40 - 104766930 _____ () C:\Users\Michael\Downloads\2013_tampa_pro_backstage2.wmv
2015-04-20 20:29 - 2015-04-20 20:35 - 122537696 _____ () C:\Users\Michael\Downloads\2013_tampa_pro_backstageBB3.wmv
2015-04-20 20:29 - 2015-04-20 20:34 - 117582353 _____ () C:\Users\Michael\Downloads\2013_tampa_pro_backstageBB2.wmv
2015-04-20 20:29 - 2015-04-20 20:34 - 104381793 _____ () C:\Users\Michael\Downloads\2013_tampa_pro_backstageBB1.wmv
2015-04-20 20:23 - 2015-04-20 20:30 - 197841494 _____ () C:\Users\Michael\Downloads\2013_tampa_pumproom1.mp4
2015-04-20 20:18 - 2015-04-20 20:27 - 161558841 _____ () C:\Users\Michael\Downloads\maria_wattel1.wmv
2015-04-20 20:18 - 2015-04-20 20:26 - 153550781 _____ () C:\Users\Michael\Downloads\maria_wattel2.wmv
2015-04-20 20:18 - 2015-04-20 20:24 - 152406775 _____ () C:\Users\Michael\Downloads\maria_wattel3.wmv
2015-04-20 20:17 - 2015-04-20 20:27 - 148606745 _____ () C:\Users\Michael\Downloads\maria_wattel4.wmv
2015-04-20 20:09 - 2015-04-20 20:13 - 102342397 _____ () C:\Users\Michael\Downloads\maria_wattel5.wmv
2015-04-20 20:03 - 2015-04-20 20:12 - 99286373 _____ () C:\Users\Michael\Downloads\maria_wattel6.wmv
2015-04-20 20:03 - 2015-04-20 20:10 - 88111421 _____ () C:\Users\Michael\Downloads\maria_wattel_legs1.mp4
2015-04-20 20:01 - 2015-04-20 20:12 - 160338889 _____ () C:\Users\Michael\Downloads\jennifer_megan_armwrestling1.wmv
2015-04-20 20:01 - 2015-04-20 20:12 - 136278715 _____ () C:\Users\Michael\Downloads\brandimae_akers_weightlifting2.wmv
2015-04-20 20:01 - 2015-04-20 20:10 - 95413401 _____ () C:\Users\Michael\Downloads\andrea_ruiz_armwrestling1.wmv
2015-04-20 20:01 - 2015-04-20 20:09 - 94566367 _____ () C:\Users\Michael\Downloads\yahaira_agosto_rubberband1.wmv
2015-04-20 19:51 - 2015-04-20 19:59 - 143958783 _____ () C:\Users\Michael\Downloads\danielle_gardner_weights1.wmv
2015-04-20 19:51 - 2015-04-20 19:59 - 128298255 _____ () C:\Users\Michael\Downloads\skullcrusher2.wmv
2015-04-20 19:44 - 2015-04-20 19:56 - 175746617 _____ () C:\Users\Michael\Downloads\annie_fishnet_ironbend1.wmv
2015-04-20 19:43 - 2015-04-20 19:58 - 204359116 _____ () C:\Users\Michael\Downloads\jen_megan_biceps1.wmv
2015-04-20 19:43 - 2015-04-20 19:57 - 196879046 _____ () C:\Users\Michael\Downloads\cheyenne_reign_strength1.wmv
2015-04-20 19:43 - 2015-04-20 19:53 - 152310597 _____ () C:\Users\Michael\Downloads\reign_and_her_toy1.wmv
2015-04-20 19:27 - 2015-04-20 19:33 - 160225379 _____ () C:\Users\Michael\Downloads\anna_mikhaylenko_shirt1.wmv
2015-04-20 19:26 - 2015-04-20 19:30 - 79662257 _____ () C:\Users\Michael\Downloads\kathy_connors_rubberband1.wmv
2015-04-20 19:20 - 2015-04-20 19:32 - 231483084 _____ () C:\Users\Michael\Downloads\jennifer_megan_armwrestling2.wmv
2015-04-20 19:20 - 2015-04-20 19:31 - 212373398 _____ () C:\Users\Michael\Downloads\musclegirl_tussle1.wmv
2015-04-20 19:20 - 2015-04-20 19:26 - 116774531 _____ () C:\Users\Michael\Downloads\megan_abshire_lift_and_carry1.wmv
2015-04-20 19:08 - 2015-04-20 19:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-20 19:08 - 2015-04-20 19:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-20 18:27 - 2015-04-20 18:35 - 240278647 _____ () C:\Users\Michael\Downloads\jennifer_scarpetta_bellypunching1.wmv
2015-04-20 18:27 - 2015-04-20 18:34 - 158294671 _____ () C:\Users\Michael\Downloads\megan_avalon_wrestling1.wmv
2015-04-20 18:27 - 2015-04-20 18:34 - 150398837 _____ () C:\Users\Michael\Downloads\amanda_folstad-ptak_curls1.wmv
2015-04-20 18:11 - 2015-04-20 18:20 - 195693270 _____ () C:\Users\Michael\Downloads\maryse_manios_facesit_smother_scissors1.wmv
2015-04-20 18:11 - 2015-04-20 18:20 - 165302915 _____ () C:\Users\Michael\Downloads\anne_sheehan_strength_acrobatics1.wmv
2015-04-20 18:11 - 2015-04-20 18:19 - 118437807 _____ () C:\Users\Michael\Downloads\kim_buck_fantasy_wrestling1.wmv
2015-04-20 18:10 - 2015-04-20 18:16 - 142473683 _____ () C:\Users\Michael\Downloads\jenni_nuriye_topless_armwrestling1.mp4
2015-04-20 18:01 - 2015-04-20 18:10 - 239588597 _____ () C:\Users\Michael\Downloads\jenni_nuriye_bicep_workout2.mp4
2015-04-20 18:01 - 2015-04-20 18:08 - 126400952 _____ () C:\Users\Michael\Downloads\natalie_scissors1.mp4
2015-04-20 17:55 - 2015-04-20 18:00 - 122110682 _____ () C:\Users\Michael\Downloads\lift_carry_bearhug_challenge1.mp4
2015-04-20 17:52 - 2015-04-20 18:09 - 353855737 _____ () C:\Users\Michael\Downloads\overhead_press1.mp4
2015-04-20 17:48 - 2015-04-20 18:06 - 379838588 _____ () C:\Users\Michael\Downloads\jenni_nuriye_bicep_workout3.mp4
2015-04-20 17:38 - 2015-04-20 17:47 - 124727105 _____ () C:\Users\Michael\Downloads\tatiana_tease_and_smother1.mp4
2015-04-20 17:37 - 2015-04-20 17:55 - 270991705 _____ () C:\Users\Michael\Downloads\rene_marven_massive_muscles1.wmv
2015-04-20 17:37 - 2015-04-20 17:50 - 201575199 _____ () C:\Users\Michael\Downloads\rene_marven_poolside_muscle_goddess1.wmv
2015-04-20 17:37 - 2015-04-20 17:50 - 164001933 _____ () C:\Users\Michael\Downloads\rene_marven_offseason_upper_body1.wmv
2015-04-20 17:37 - 2015-04-20 17:49 - 183687077 _____ () C:\Users\Michael\Downloads\rene_marven_sexy_dress1.wmv
2015-04-20 17:30 - 2015-04-20 17:37 - 183768310 _____ () C:\Users\Michael\Downloads\rene_marven_sexy_muscle_legs1.mp4
2015-04-20 17:30 - 2015-04-20 17:36 - 191503177 _____ () C:\Users\Michael\Downloads\rene_marven_sexy_dress_upclose1.wmv
2015-04-20 17:26 - 2015-04-20 17:32 - 122985185 _____ () C:\Users\Michael\Downloads\rene_marven_legs_and_footplay1.wmv
2015-04-20 17:26 - 2015-04-20 17:31 - 100757761 _____ () C:\Users\Michael\Downloads\rene_marven_sexy_abs_luscious_thighs1.wmv
2015-04-20 17:21 - 2015-04-20 17:29 - 214873115 _____ () C:\Users\Michael\Downloads\theresa_ivancik_muscular_femininity2.mp4
2015-04-20 17:21 - 2015-04-20 17:29 - 174054487 _____ () C:\Users\Michael\Downloads\theresa_ivancik_seduction_in_black2.mp4
2015-04-20 17:10 - 2015-04-20 17:21 - 295797282 _____ () C:\Users\Michael\Downloads\theresa_ivancik_muscular_femininity1.mp4
2015-04-20 17:10 - 2015-04-20 17:20 - 172370575 _____ () C:\Users\Michael\Downloads\theresa_ivancik_seduction_in_black1.mp4
2015-04-20 17:10 - 2015-04-20 17:18 - 138870679 _____ () C:\Users\Michael\Downloads\theresa_ivancik4.wmv
2015-04-20 17:10 - 2015-04-20 17:17 - 113902487 _____ () C:\Users\Michael\Downloads\theresa_ivancik3.wmv
2015-04-20 17:06 - 2015-04-20 17:09 - 77494211 _____ () C:\Users\Michael\Downloads\theresa_ivancik2.wmv
2015-04-20 17:01 - 2015-04-20 17:08 - 109990451 _____ () C:\Users\Michael\Downloads\theresa_ivancik1.wmv
2015-04-20 16:58 - 2015-04-20 17:08 - 179569140 _____ () C:\Users\Michael\Downloads\oana_hreapca_railroad_muscle1.mp4
2015-04-20 16:58 - 2015-04-20 17:07 - 142476347 _____ () C:\Users\Michael\Downloads\oana_hreapca_upper_body_abs1.mp4
2015-04-20 16:55 - 2015-04-20 17:05 - 254896575 _____ () C:\Users\Michael\Downloads\oana_hreapca_webcam_muscle1.mp4
2015-04-20 16:51 - 2015-04-20 16:59 - 186438126 _____ () C:\Users\Michael\Downloads\oana_hreapca_fishnet_fantasy1.mp4
2015-04-20 16:44 - 2015-04-20 16:56 - 186178289 _____ () C:\Users\Michael\Downloads\oana_julieta_biceps1.wmv
2015-04-20 16:44 - 2015-04-20 16:54 - 147271666 _____ () C:\Users\Michael\Downloads\oana_hreapca8.wmv
2015-04-20 16:44 - 2015-04-20 16:54 - 141927893 _____ () C:\Users\Michael\Downloads\oana_julieta_calves1.wmv
2015-04-20 16:44 - 2015-04-20 16:52 - 139181343 _____ () C:\Users\Michael\Downloads\oana_hreapca7.wmv
2015-04-20 16:34 - 2015-04-20 16:42 - 144296476 _____ () C:\Users\Michael\Downloads\oana_hreapca6.wmv
2015-04-20 16:34 - 2015-04-20 16:41 - 147080174 _____ () C:\Users\Michael\Downloads\oana_hreapca5.wmv
2015-04-20 16:34 - 2015-04-20 16:40 - 90366307 _____ () C:\Users\Michael\Downloads\oana_hreapca4.wmv
2015-04-20 16:34 - 2015-04-20 16:40 - 100358385 _____ () C:\Users\Michael\Downloads\oana_hreapca3.wmv
2015-04-19 21:27 - 2015-04-19 21:39 - 271497914 _____ () C:\Users\Michael\Downloads\rosie_harte_tough_and_sexy1.mp4
2015-04-19 21:27 - 2015-04-19 21:39 - 220516294 _____ () C:\Users\Michael\Downloads\rosie_harte_elegant_and_muscular2.mp4
2015-04-19 21:27 - 2015-04-19 21:39 - 215546390 _____ () C:\Users\Michael\Downloads\rosie_harte_elegant_and_muscular1.mp4
2015-04-19 21:27 - 2015-04-19 21:38 - 198288079 _____ () C:\Users\Michael\Downloads\rosie_harte_daydream1.mp4
2015-04-19 21:21 - 2015-04-19 21:26 - 210409553 _____ () C:\Users\Michael\Downloads\simone_de_oliveira_muscular_sensual_beautiful1.mp4
2015-04-19 21:21 - 2015-04-19 21:25 - 140016035 _____ () C:\Users\Michael\Downloads\simone_de_oliveira_pump_flex1.mp4
2015-04-19 21:01 - 2015-04-19 21:21 - 486154421 _____ () C:\Users\Michael\Downloads\2014_tampa_pro_pumproom1.mp4
2015-04-19 21:01 - 2015-04-19 21:20 - 476751692 _____ () C:\Users\Michael\Downloads\2014_tampa_pro_pumproom2.mp4
2015-04-19 21:01 - 2015-04-19 21:20 - 368908064 _____ () C:\Users\Michael\Downloads\simone_de_oliveira_brazilian_champion1.mp4
2015-04-19 20:53 - 2015-04-19 21:00 - 131950623 _____ () C:\Users\Michael\Downloads\gillian_kovack14.wmv
2015-04-19 20:53 - 2015-04-19 21:00 - 103150407 _____ () C:\Users\Michael\Downloads\gillian_kovack15.wmv
2015-04-19 20:53 - 2015-04-19 21:00 - 102646407 _____ () C:\Users\Michael\Downloads\gillian_kovack16.wmv
2015-04-19 20:53 - 2015-04-19 20:59 - 125182575 _____ () C:\Users\Michael\Downloads\gillian_kovack13.wmv
2015-04-19 20:48 - 2015-04-19 20:54 - 105486425 _____ () C:\Users\Michael\Downloads\gillian_kovack17.wmv
2015-04-19 20:48 - 2015-04-19 20:53 - 94126341 _____ () C:\Users\Michael\Downloads\gillian_kovack19.wmv
2015-04-19 20:48 - 2015-04-19 20:53 - 86510281 _____ () C:\Users\Michael\Downloads\gillian_kovack20.wmv
2015-04-19 20:48 - 2015-04-19 20:52 - 96078353 _____ () C:\Users\Michael\Downloads\gillian_kovack18.wmv
2015-04-19 20:39 - 2015-04-19 20:46 - 153438785 _____ () C:\Users\Michael\Downloads\gillian_kovack23.wmv
2015-04-19 20:39 - 2015-04-19 20:46 - 152166773 _____ () C:\Users\Michael\Downloads\gillian_kovack21.wmv
2015-04-19 20:39 - 2015-04-19 20:45 - 105862425 _____ () C:\Users\Michael\Downloads\gillian_kovack22.wmv
2015-04-19 20:39 - 2015-04-19 20:44 - 96438359 _____ () C:\Users\Michael\Downloads\gillian_kovack24.wmv
2015-04-19 20:35 - 2015-04-19 20:39 - 161965775 _____ () C:\Users\Michael\Downloads\gillian_kovack_pink1.wmv
2015-04-19 20:35 - 2015-04-19 20:38 - 113598485 _____ () C:\Users\Michael\Downloads\gillian_kovack25.wmv
2015-04-19 20:31 - 2015-04-19 20:36 - 113342481 _____ () C:\Users\Michael\Downloads\gillian_kovack27.wmv
2015-04-19 20:31 - 2015-04-19 20:35 - 92518329 _____ () C:\Users\Michael\Downloads\gillian_kovack26.wmv
2015-04-19 20:28 - 2015-04-19 20:33 - 112654481 _____ () C:\Users\Michael\Downloads\gillian_kovack28.wmv
2015-04-19 20:25 - 2015-04-19 20:34 - 203755640 _____ () C:\Users\Michael\Downloads\gillian_kovack_legs_calves1.wmv
2015-04-19 20:13 - 2015-04-19 20:28 - 214287353 _____ () C:\Users\Michael\Downloads\gillian_kovack_glutes_legs1.wmv
2015-04-19 20:12 - 2015-04-19 20:20 - 161457815 _____ () C:\Users\Michael\Downloads\gillian_kovack_brawn_and_beauty1.mp4
2015-04-19 20:10 - 2015-04-19 20:30 - 316299499 _____ () C:\Users\Michael\Downloads\gillian_kovack_pump_flex2.mp4
2015-04-19 20:10 - 2015-04-19 20:29 - 291731868 _____ () C:\Users\Michael\Downloads\gillian_kovack_bicep_pump_flex1.mp4
2015-04-19 20:10 - 2015-04-19 20:25 - 201515568 _____ () C:\Users\Michael\Downloads\gillian_kovack_massive_muscular_magnificent1.mp4
2015-04-19 20:10 - 2015-04-19 20:19 - 120013176 _____ () C:\Users\Michael\Downloads\gillian_kovack_thick_strong_upper_quads1.mp4
2015-04-19 20:08 - 2015-04-19 20:11 - 114933478 _____ () C:\Users\Michael\Downloads\gillian_kovack_thick_strong_calves1.mp4
2015-04-19 20:00 - 2015-04-19 20:07 - 108338608 _____ () C:\Users\Michael\Downloads\ariel_gail_upper1.mp4
2015-04-19 20:00 - 2015-04-19 20:07 - 107816935 _____ () C:\Users\Michael\Downloads\ariel_gail_legs1.mp4
2015-04-19 20:00 - 2015-04-19 20:06 - 75428981 _____ () C:\Users\Michael\Downloads\ariel_gail_hams_back_some_upper1.mp4
2015-04-19 19:57 - 2015-04-19 20:08 - 208088228 _____ () C:\Users\Michael\Downloads\ariel_gail_upclose1.mp4
2015-04-19 19:55 - 2015-04-19 20:09 - 259379354 _____ () C:\Users\Michael\Downloads\ariel_gail_naturally_beautiful_and_muscular1.mp4
2015-04-19 19:51 - 2015-04-19 19:59 - 181887003 _____ () C:\Users\Michael\Downloads\renata_hronova3.wmv
2015-04-19 19:51 - 2015-04-19 19:59 - 152478779 _____ () C:\Users\Michael\Downloads\renata_hronova2.wmv
2015-04-19 19:51 - 2015-04-19 19:57 - 117710515 _____ () C:\Users\Michael\Downloads\renata_hronova1.wmv
2015-04-19 19:47 - 2015-04-19 19:56 - 162614877 _____ () C:\Users\Michael\Downloads\renata_hronova_oiling1.wmv
2015-04-19 19:47 - 2015-04-19 19:50 - 76790253 _____ () C:\Users\Michael\Downloads\renata_hronova_biceps_legs1.wmv
2015-04-19 19:47 - 2015-04-19 19:50 - 65038121 _____ () C:\Users\Michael\Downloads\renata_hronova4.wmv
2015-04-19 19:44 - 2015-04-19 19:47 - 104032320 _____ () C:\Users\Michael\Downloads\renata_hronova_full_body_flex_and_calves1.mp4
2015-04-19 19:42 - 2015-04-19 19:47 - 106630411 _____ () C:\Users\Michael\Downloads\tina_chandler13.wmv
2015-04-19 19:40 - 2015-04-19 19:46 - 136646633 _____ () C:\Users\Michael\Downloads\tina_chandler15.wmv
2015-04-19 19:40 - 2015-04-19 19:44 - 104654393 _____ () C:\Users\Michael\Downloads\tina_chandler14.wmv
2015-04-19 19:37 - 2015-04-19 19:41 - 109550453 _____ () C:\Users\Michael\Downloads\tina_chandler17.wmv
2015-04-19 19:37 - 2015-04-19 19:40 - 81590219 _____ () C:\Users\Michael\Downloads\tina_chandler16.wmv
2015-04-19 19:37 - 2015-04-19 19:40 - 64470111 _____ () C:\Users\Michael\Downloads\tina_chandler18.wmv
2015-04-19 19:30 - 2015-04-19 19:36 - 121190543 _____ () C:\Users\Michael\Downloads\tina_chandler19.wmv
2015-04-19 19:30 - 2015-04-19 19:36 - 109814459 _____ () C:\Users\Michael\Downloads\tina_chandler20.wmv
2015-04-19 19:27 - 2015-04-19 19:35 - 99814381 _____ () C:\Users\Michael\Downloads\tina_chandler21.wmv
2015-04-19 19:27 - 2015-04-19 19:35 - 114358489 _____ () C:\Users\Michael\Downloads\tina_chandler22.wmv
2015-04-19 19:24 - 2015-04-19 19:31 - 142054699 _____ () C:\Users\Michael\Downloads\tina_chandler24.wmv
2015-04-19 19:24 - 2015-04-19 19:30 - 114038483 _____ () C:\Users\Michael\Downloads\tina_chandler23.wmv
2015-04-19 19:18 - 2015-04-19 19:36 - 315958689 _____ () C:\Users\Michael\Downloads\tina_chandler_majestic_flexing1.wmv
2015-04-19 19:16 - 2015-04-19 19:24 - 156540664 _____ () C:\Users\Michael\Downloads\tina_chandler_arms_pecs_bed1.wmv
2015-04-19 19:13 - 2015-04-19 19:24 - 208182510 _____ () C:\Users\Michael\Downloads\tina_chandler_legs_bed1.wmv
2015-04-19 19:13 - 2015-04-19 19:23 - 208727177 _____ () C:\Users\Michael\Downloads\tina_chandler_tight_muscle_dress1.wmv
2015-04-19 19:09 - 2015-04-19 19:17 - 214087639 _____ () C:\Users\Michael\Downloads\tina_chandler_upper_flex_in_bed1.wmv
2015-04-19 19:05 - 2015-04-19 19:13 - 196677465 _____ () C:\Users\Michael\Downloads\tina_chandler_hard_flexing1.mp4
2015-04-19 18:57 - 2015-04-19 19:11 - 275588322 _____ () C:\Users\Michael\Downloads\tina_chandler_desire1.mp4
2015-04-19 18:57 - 2015-04-19 19:06 - 145207236 _____ () C:\Users\Michael\Downloads\tina_chandler_poolside_muscle1.mp4
2015-04-19 18:52 - 2015-04-19 19:06 - 289571144 _____ () C:\Users\Michael\Downloads\tina_chandler_poolside_muscle2.mp4
2015-04-19 18:52 - 2015-04-19 19:06 - 207618444 _____ () C:\Users\Michael\Downloads\tina_chandler_arms_in_bed2.wmv
2015-04-19 18:48 - 2015-04-19 19:01 - 297730736 _____ () C:\Users\Michael\Downloads\tina_chandler_dress1.mp4
2015-04-19 18:48 - 2015-04-19 18:55 - 162081361 _____ () C:\Users\Michael\Downloads\tina_chandler_leg_tease1.mp4
2015-04-19 18:48 - 2015-04-19 18:52 - 81808555 _____ () C:\Users\Michael\Downloads\tina_chandler_poolside_muscle3.mp4
2015-04-19 18:43 - 2015-04-19 18:47 - 91302283 _____ () C:\Users\Michael\Downloads\shawn_tan8.wmv
2015-04-19 18:43 - 2015-04-19 18:47 - 105510391 _____ () C:\Users\Michael\Downloads\shawn_tan7.wmv
2015-04-19 18:41 - 2015-04-19 18:45 - 84254229 _____ () C:\Users\Michael\Downloads\shawn_tan10.wmv
2015-04-19 18:41 - 2015-04-19 18:45 - 108558415 _____ () C:\Users\Michael\Downloads\shawn_tan9.wmv
2015-04-19 18:37 - 2015-04-19 18:42 - 148451582 _____ () C:\Users\Michael\Downloads\shawn_tan_voluptuous_bicep_flex1.mp4
2015-04-19 18:37 - 2015-04-19 18:42 - 111110433 _____ () C:\Users\Michael\Downloads\shawn_tan12.wmv
2015-04-19 18:37 - 2015-04-19 18:40 - 74150151 _____ () C:\Users\Michael\Downloads\shawn_tan11.wmv
2015-04-19 18:32 - 2015-04-19 18:36 - 109446441 _____ () C:\Users\Michael\Downloads\alina_popa25.wmv
2015-04-19 18:32 - 2015-04-19 18:36 - 105334417 _____ () C:\Users\Michael\Downloads\alina_popa27.wmv
2015-04-19 18:32 - 2015-04-19 18:35 - 73182171 _____ () C:\Users\Michael\Downloads\alina_popa26.wmv
2015-04-19 18:30 - 2015-04-19 18:33 - 80406231 _____ () C:\Users\Michael\Downloads\alina_popa28.wmv
2015-04-19 18:25 - 2015-04-19 18:32 - 142742699 _____ () C:\Users\Michael\Downloads\alina_popa29.wmv
2015-04-19 18:21 - 2015-04-19 18:31 - 201391143 _____ () C:\Users\Michael\Downloads\alina_popa32.wmv
2015-04-19 18:21 - 2015-04-19 18:30 - 154502789 _____ () C:\Users\Michael\Downloads\alina_popa30.wmv
2015-04-19 18:21 - 2015-04-19 18:28 - 129358597 _____ () C:\Users\Michael\Downloads\alina_popa31.wmv
2015-04-19 18:16 - 2015-04-19 18:20 - 98750363 _____ () C:\Users\Michael\Downloads\alina_popa34.wmv
2015-04-19 18:16 - 2015-04-19 18:20 - 138142657 _____ () C:\Users\Michael\Downloads\alina_popa33.wmv
2015-04-19 18:11 - 2015-04-19 18:19 - 157398807 _____ () C:\Users\Michael\Downloads\alina_popa35.wmv
2015-04-19 18:08 - 2015-04-19 18:16 - 192935077 _____ () C:\Users\Michael\Downloads\alina_popa36.wmv
2015-04-19 18:08 - 2015-04-19 18:15 - 144710711 _____ () C:\Users\Michael\Downloads\alina_popa38.wmv
2015-04-19 18:08 - 2015-04-19 18:14 - 137254657 _____ () C:\Users\Michael\Downloads\alina_popa37.wmv
2015-04-19 18:02 - 2015-04-19 18:07 - 195375097 _____ () C:\Users\Michael\Downloads\alina_popa39.wmv
2015-04-19 17:57 - 2015-04-19 18:07 - 289735909 _____ () C:\Users\Michael\Downloads\alina_popa_sensual_stockings1.wmv
2015-04-19 17:57 - 2015-04-19 18:03 - 177901948 _____ () C:\Users\Michael\Downloads\alina_popa_glistening_poolside_muscle1.wmv
2015-04-19 17:57 - 2015-04-19 18:02 - 118094515 _____ () C:\Users\Michael\Downloads\alina_popa40.wmv
2015-04-19 17:46 - 2015-04-19 17:56 - 172951444 _____ () C:\Users\Michael\Downloads\alina_popa_sensual_oiling_upper_body1.wmv
2015-04-19 17:43 - 2015-04-19 17:56 - 270621411 _____ () C:\Users\Michael\Downloads\alina_popa_sexy_hardness1.mp4
2015-04-19 17:43 - 2015-04-19 17:55 - 236992853 _____ () C:\Users\Michael\Downloads\alina_popa_beautiful1.mp4
2015-04-19 17:43 - 2015-04-19 17:54 - 275649246 _____ () C:\Users\Michael\Downloads\alina_popa_sensually_oiled1.mp4
2015-04-19 17:36 - 2015-04-19 17:42 - 215611629 _____ () C:\Users\Michael\Downloads\alina_popa_upclose1.mp4
2015-04-19 17:36 - 2015-04-19 17:42 - 197235035 _____ () C:\Users\Michael\Downloads\alina_popa_upclose2.mp4
2015-04-19 17:31 - 2015-04-19 17:37 - 162857892 _____ () C:\Users\Michael\Downloads\alina_popa_glistening_poolside_muscle2.wmv
2015-04-19 17:31 - 2015-04-19 17:37 - 143600089 _____ () C:\Users\Michael\Downloads\alina_popa_sensual_oiling_legs2.wmv
2015-04-19 17:27 - 2015-04-19 17:34 - 146100625 _____ () C:\Users\Michael\Downloads\alina_poolscissors_annie1.mp4
2015-04-19 17:27 - 2015-04-19 17:34 - 139438578 _____ () C:\Users\Michael\Downloads\alina_popa_massive_offseason_shape1.mp4
2015-04-19 17:20 - 2015-04-19 17:29 - 318370445 _____ () C:\Users\Michael\Downloads\alina_super_muscleworship2.mp4
2015-04-19 17:20 - 2015-04-19 17:29 - 239542111 _____ () C:\Users\Michael\Downloads\alina_popa_powerful_glutes_and_arms1.mp4
2015-04-19 17:16 - 2015-04-19 17:22 - 209438366 _____ () C:\Users\Michael\Downloads\alina_popa_muscular_powerplay1.mp4
2015-04-19 17:15 - 2015-04-19 17:19 - 75919024 _____ () C:\Users\Michael\Downloads\2014_chicago_pro_bb_prejudging5.mp4
2015-04-19 17:15 - 2015-04-19 17:17 - 56802878 _____ () C:\Users\Michael\Downloads\2014_chicago_pro_bb_prejudging6.mp4
2015-04-19 17:12 - 2015-04-19 17:19 - 207260899 _____ () C:\Users\Michael\Downloads\2014_chicago_pro_bb_prejudging3.mp4
2015-04-19 17:12 - 2015-04-19 17:14 - 73044981 _____ () C:\Users\Michael\Downloads\2014_chicago_pro_bb_prejudging4.mp4
2015-04-19 17:09 - 2015-04-19 17:13 - 78602884 _____ () C:\Users\Michael\Downloads\2014_chicago_pro_bb_prejudging2.mp4
2015-04-19 17:02 - 2015-04-19 17:12 - 174512963 _____ () C:\Users\Michael\Downloads\2014_chicago_pro_bb_prejudging1.mp4
2015-04-19 17:02 - 2015-04-19 17:11 - 146430578 _____ () C:\Users\Michael\Downloads\2014_chicago_pro_ph_prejudging1.mp4
2015-04-19 17:01 - 2015-04-19 17:08 - 108046439 _____ () C:\Users\Michael\Downloads\nuriye_evans25.wmv
2015-04-19 17:01 - 2015-04-19 17:07 - 90766307 _____ () C:\Users\Michael\Downloads\nuriye_evans26.wmv
2015-04-19 16:50 - 2015-04-19 17:10 - 286432667 _____ () C:\Users\Michael\Downloads\nuriye_evans_seductive_flex1.mp4
2015-04-19 16:50 - 2015-04-19 17:08 - 259614226 _____ () C:\Users\Michael\Downloads\nuriye_evans_in_nylons1.mp4
2015-04-19 16:50 - 2015-04-19 16:59 - 152798775 _____ () C:\Users\Michael\Downloads\nuriye_evans27.wmv
2015-04-19 16:50 - 2015-04-19 16:59 - 138542667 _____ () C:\Users\Michael\Downloads\nuriye_evans28.wmv
2015-04-19 16:46 - 2015-04-19 16:58 - 274550606 _____ () C:\Users\Michael\Downloads\nuriye_evans_back_alley_flex1.mp4
2015-04-19 16:41 - 2015-04-19 16:49 - 201005682 _____ () C:\Users\Michael\Downloads\nuriye_evans_in_nylons2.mp4
2015-04-19 16:41 - 2015-04-19 16:48 - 134297436 _____ () C:\Users\Michael\Downloads\nuriye_evans_more_nylons1.mp4
2015-04-19 16:31 - 2015-04-19 16:36 - 219609652 _____ () C:\Users\Michael\Downloads\jenni_nuriye_posedown_comparisons_with_quad_shake_mostmusculars1.mp4
2015-04-19 16:26 - 2015-04-19 16:45 - 281880690 _____ () C:\Users\Michael\Downloads\nuriye_evans_rooftop_muscle_seduction1.mp4
2015-04-19 16:24 - 2015-04-19 16:46 - 324719449 _____ () C:\Users\Michael\Downloads\nuriye_evans_clothing_cannot_contain_her1.mp4
2015-04-19 16:24 - 2015-04-19 16:30 - 246828579 _____ () C:\Users\Michael\Downloads\naughty_nuriye_naughty_muscletalk1.mp4
2015-04-19 16:19 - 2015-04-19 16:39 - 253337375 _____ () C:\Users\Michael\Downloads\nuriye_evans_dominant_muscletalk1.mp4
2015-04-19 16:19 - 2015-04-19 16:25 - 185476164 _____ () C:\Users\Michael\Downloads\nuriye_evans_barbend_shirt_rip1.mp4
2015-04-19 16:15 - 2015-04-19 16:21 - 113484120 _____ () C:\Users\Michael\Downloads\aleesha_young_muscular_sensuality2.mp4
2015-04-19 16:14 - 2015-04-19 16:23 - 194994915 _____ () C:\Users\Michael\Downloads\aleesha_young_muscular_sensuality1.mp4
2015-04-19 16:10 - 2015-04-19 16:19 - 169253054 _____ () C:\Users\Michael\Downloads\aleesha_young_maximum_muscle2.mp4
2015-04-19 16:03 - 2015-04-19 16:18 - 394207109 _____ () C:\Users\Michael\Downloads\aleesha_young_sensual_assets1.mp4
2015-04-19 16:03 - 2015-04-19 16:13 - 166395528 _____ () C:\Users\Michael\Downloads\aleesha_young_maximum_muscle1.mp4
2015-04-19 15:57 - 2015-04-19 16:10 - 194644177 _____ () C:\Users\Michael\Downloads\aleesha_young_red_jumpsuit1.mp4
2015-04-19 15:57 - 2015-04-19 16:09 - 192122429 _____ () C:\Users\Michael\Downloads\aleesha_young_poolside_muscle1.wmv
2015-04-19 15:57 - 2015-04-19 16:07 - 148371158 _____ () C:\Users\Michael\Downloads\aleesha_young_red_jumpsuit_closeup_biceps_pecbounce1.mp4
2015-04-19 15:51 - 2015-04-19 16:03 - 356605935 _____ () C:\Users\Michael\Downloads\aleesha_young_voluptuous_muscle1.wmv
2015-04-19 15:49 - 2015-04-19 15:56 - 176868672 _____ () C:\Users\Michael\Downloads\virginia_sanchez_the_gun_show1.mp4
2015-04-19 15:49 - 2015-04-19 15:55 - 154512499 _____ () C:\Users\Michael\Downloads\virginia_sanchez_huge1.mp4
2015-04-19 15:41 - 2015-04-19 15:49 - 203181564 _____ () C:\Users\Michael\Downloads\virginia_sanchez_walk_with_virginia1.mp4
2015-04-19 15:36 - 2015-04-19 15:48 - 243469651 _____ () C:\Users\Michael\Downloads\virginia_sanchez_back_alley_flex2.mp4
2015-04-19 15:36 - 2015-04-19 15:48 - 220831794 _____ () C:\Users\Michael\Downloads\virginia_sanchez_extreme_muscle1.mp4
2015-04-19 15:36 - 2015-04-19 15:48 - 210655405 _____ () C:\Users\Michael\Downloads\virginia_sanchez_extreme_muscle2.mp4
2015-04-19 15:31 - 2015-04-19 15:39 - 245034088 _____ () C:\Users\Michael\Downloads\virginia_sanchez_back_alley_flex1.mp4
2015-04-19 15:31 - 2015-04-19 15:36 - 156238873 _____ () C:\Users\Michael\Downloads\virginia_sanchez_massive_pecs_arms1.wmv
2015-04-19 15:28 - 2015-04-19 15:33 - 105278443 _____ () C:\Users\Michael\Downloads\virginia_sanchez16.wmv
2015-04-19 15:25 - 2015-04-19 15:29 - 83406275 _____ () C:\Users\Michael\Downloads\virginia_sanchez15.wmv
2015-04-19 15:21 - 2015-04-19 15:28 - 119174545 _____ () C:\Users\Michael\Downloads\virginia_sanchez14.wmv
2015-04-19 15:21 - 2015-04-19 15:27 - 114126509 _____ () C:\Users\Michael\Downloads\virginia_sanchez13.wmv
2015-04-19 15:20 - 2015-04-19 15:31 - 247194929 _____ () C:\Users\Michael\Downloads\virginia_sanchez_flexing_machine1.mp4
2015-04-19 15:20 - 2015-04-19 15:30 - 173481375 _____ () C:\Users\Michael\Downloads\virginia_sanchez_closeups1.mp4
2015-04-19 14:17 - 2015-04-19 14:25 - 148423912 _____ () C:\Users\Michael\Downloads\michaela_schaar_big_thighs1.mp4
2015-04-19 14:17 - 2015-04-19 14:24 - 135495608 _____ () C:\Users\Michael\Downloads\michaela_schaar_powerful_muscle1.mp4
2015-04-19 14:12 - 2015-04-19 14:26 - 222539274 _____ () C:\Users\Michael\Downloads\michaela_schaar_mostmusculars_dress1.wmv
2015-04-19 14:12 - 2015-04-19 14:21 - 109758511 _____ () C:\Users\Michael\Downloads\michaela_schaar_camo_muscle1.wmv
2015-04-19 14:12 - 2015-04-19 14:17 - 204108072 _____ () C:\Users\Michael\Downloads\michaela_schaar_flexing_in_bed1.wmv
2015-04-19 14:09 - 2015-04-19 14:23 - 241972689 _____ () C:\Users\Michael\Downloads\michaela_schaar_camo1.wmv
2015-04-19 14:05 - 2015-04-19 14:12 - 81062241 _____ () C:\Users\Michael\Downloads\michaela_schaar4.wmv
2015-04-19 14:05 - 2015-04-19 14:12 - 141353817 _____ () C:\Users\Michael\Downloads\michaela_schaar_glamour_muscle1.mp4
2015-04-19 14:05 - 2015-04-19 14:11 - 92062349 _____ () C:\Users\Michael\Downloads\michaela_schaar2.wmv
2015-04-19 14:05 - 2015-04-19 14:11 - 78230223 _____ () C:\Users\Michael\Downloads\michaela_schaar3.wmv
2015-04-19 14:05 - 2015-04-19 14:09 - 92046349 _____ () C:\Users\Michael\Downloads\michaela_schaar1.wmv
2015-04-15 18:39 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:39 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:39 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:39 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:39 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:38 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:38 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:38 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:38 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:38 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:38 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:38 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:38 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:38 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:38 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:38 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:38 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:38 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:38 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:38 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:38 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:38 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:38 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:38 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:38 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:38 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:38 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:38 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:37 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:37 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:37 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:37 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:37 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:36 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:36 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:36 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:36 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:36 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:36 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:36 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:36 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:36 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:36 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:36 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:36 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:36 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:36 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:36 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:36 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:36 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:36 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:36 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:36 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:36 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:36 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:36 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:36 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:36 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:36 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 18:35 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:35 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:35 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:35 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:35 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:35 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:35 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:35 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:35 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:35 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:35 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:35 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:35 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:35 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:35 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:35 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:35 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:35 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:35 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:35 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:35 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:35 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:35 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:35 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:35 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:35 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:35 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:35 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:35 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:35 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:35 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:35 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:35 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:34 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:34 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:34 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 18:02 - 2015-04-14 00:04 - 00000000 ____D () C:\Kat
2015-04-12 14:08 - 2015-04-12 14:19 - 00000000 ____D () C:\Fibo
2015-04-08 20:43 - 2015-04-13 18:01 - 00000000 ____D () C:\Fib
2015-04-06 14:23 - 2015-04-06 14:23 - 00160544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-04-04 16:05 - 2015-04-04 16:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:05 - 2015-04-04 16:05 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 13:47 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 13:47 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 12:29 - 2013-09-17 20:21 - 01974803 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 12:21 - 2014-12-17 20:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 12:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 23:20 - 2013-10-08 16:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-20 20:42 - 2014-04-07 23:02 - 00000000 ____D () C:\Users\Michael\dwhelper
2015-04-20 19:08 - 2014-12-25 19:54 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-20 19:08 - 2014-08-20 13:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2015-04-20 19:07 - 2013-09-17 23:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-20 16:29 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-20 16:29 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-20 16:29 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 15:31 - 2014-12-19 15:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2015-04-19 14:41 - 2013-09-19 18:50 - 00000000 ____D () C:\Windows\Minidump
2015-04-18 18:41 - 2013-09-17 23:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-18 18:41 - 2013-09-17 23:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 17:17 - 2014-12-10 15:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:17 - 2014-04-23 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 17:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 22:27 - 2013-09-19 18:46 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 22:25 - 2013-09-17 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 22:22 - 2013-09-17 21:40 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-10 12:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-28 23:33 - 2015-02-16 14:07 - 00000000 ____D () C:\vom Stick
2015-03-23 17:59 - 2014-12-17 20:37 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 17:59 - 2014-12-17 20:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 

==================== Files in the root of some directories =======

2014-12-17 19:49 - 2014-12-17 19:49 - 0614867 _____ () C:\ProgramData\1418838162.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 14:48

==================== End Of Log ============================

--- --- ---

--- --- ---

und der Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by XXX at 2015-04-21 13:51:12
Running from C:\Users\XXX\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
Ashampoo Photo Card v.1.0.0 (HKLM-x32\...\{C92AB6F1-EC2E-85C8-C6D7-5BB8C2F89C7F}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Audials (HKLM-x32\...\{B3E99777-3515-4B50-B9FB-EB5E8E750F92}) (Version: 11.0.51800.0 - Audials AG)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2008.4.0.143 - MaierSoft)
Unity Web Player (HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Ihr Firmenname)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-04-2015 22:21:37 Windows Update
15-04-2015 18:34:34 Windows Update
15-04-2015 22:19:12 Windows Update
21-04-2015 12:27:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D93FC08-CD24-43CC-871D-8686F79676C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {58B55D4B-F475-4A0E-AB3F-F6594DB694D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8AD3E8D1-0F76-43E0-AC57-AA8D0C3036FC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {D75B1A13-A221-4578-A9EF-B8B2F8151DBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E110D2B2-10F1-47A6-9E64-4924F8DB4AB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {EA8339EB-3CEE-45A1-9334-E7917CDDE480} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

==================== Loaded Modules (whitelisted) ==============

2014-12-17 19:47 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-17 19:47 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-16 21:49 - 2014-11-19 21:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-17 19:48 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-20 16:32 - 2015-04-20 16:32 - 00789856 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpbr.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 00710016 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpdsp.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 02683008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpph.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 01325480 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttprbl.mdl
2013-09-18 00:13 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-08 17:47 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michael\Downloads\AdwCleaner_4.201.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\AudialsOne11_CBE.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\pdf24-creator-6.3.2.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3824867406-694797547-1926319732-500 - Administrator - Disabled)
Gast (S-1-5-21-3824867406-694797547-1926319732-501 - Limited - Disabled)
Michael (S-1-5-21-3824867406-694797547-1926319732-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (04/20/2015 11:22:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3804) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00042.log.


System errors:
=============
Error: (04/20/2015 11:22:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2015 11:22:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (04/20/2015 11:19:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/20/2015 11:19:57 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/20/2015 11:19:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/20/2015 11:19:57 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/20/2015 11:19:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2015 11:19:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2015 11:19:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2015 11:19:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BrYNSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/20/2015 11:22:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (04/20/2015 11:22:13 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (04/20/2015 11:22:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3804Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00042.log-1811


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 45%
Total physical RAM: 4095.18 MB
Available physical RAM: 2228.29 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 5800.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:184.79 GB) (Free:59.78 GB) NTFS
Drive m: (Volume) (Fixed) (Total:150.46 GB) (Free:40.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335.4 GB) (Disk ID: DBFB8ACA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 22.04.2015, 07:26

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sonic13 · 22.04.2015, 14:01

Hallo Schrauber,

ich habe Combofix ausgeführt, leider hatte ich überlesen das ich Combofix vom Desktop ausführen sollte.

(ist mir erst nachdem der Scan fertig war aufgefallen). Ich habe den Scan noch einmal vom Desktop aus wiederholt. Leider fehlt vom ersten Scan nun das Protokoll. Es wurde aber eine Datei von Combofix gelöscht. Programm/Data/bdinstall.bin meine ich hieß diese.
Die Anzeige von virtualcloud ist nach dem Combofix Scan und einem Neustart und Wiedereinschalten von Bitdefender im Moment nicht mehr aufgetaucht. Nach dem heutigen Starten des PC´s(vor Ausführung Combofix) kam von den 3 Virtual Cloud Meldungen nur noch 1.

Hier nun der Combofix.txt:

Code:

ATTFilter

ComboFix 15-04-19.01 - Michael 22.04.2015  14:31:33.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2543 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-22 bis 2015-04-22  ))))))))))))))))))))))))))))))
.
.
2015-04-22 12:35 . 2015-04-22 12:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-22 12:12 . 2015-04-22 12:12	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C98A76D7-F125-4EF9-ABDF-E4D480107A96}\offreg.dll
2015-04-21 11:49 . 2015-04-21 11:51	--------	d-----w-	C:\FRST
2015-04-21 10:28 . 2015-04-04 06:25	12032440	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C98A76D7-F125-4EF9-ABDF-E4D480107A96}\mpengine.dll
2015-04-20 21:16 . 2015-04-20 21:23	--------	d-----w-	C:\AdwCleaner
2015-04-15 16:38 . 2015-03-23 03:24	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-04-15 16:37 . 2015-03-17 05:11	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:36 . 2015-02-25 03:18	754688	----a-w-	c:\windows\system32\drivers\http.sys
2015-04-15 16:35 . 2015-03-13 03:27	628736	----a-w-	c:\program files\Internet Explorer\jsprofilerui.dll
2015-04-15 16:34 . 2015-03-04 04:55	367552	----a-w-	c:\windows\system32\clfs.sys
2015-04-15 16:34 . 2015-03-04 04:41	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-04-15 16:34 . 2015-03-04 04:10	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-04-13 16:02 . 2015-04-13 22:04	--------	d-----w-	C:\Kat
2015-04-08 18:43 . 2015-04-13 16:01	--------	d-----w-	C:\Fib
2015-04-06 12:23 . 2015-04-06 12:23	160544	----a-w-	c:\windows\system32\drivers\gzflt.sys
2015-04-04 14:05 . 2015-04-04 14:05	--------	d-s---w-	c:\windows\system32\GWX
2015-04-04 14:05 . 2015-04-04 14:05	--------	d-s---w-	c:\windows\SysWow64\GWX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-21 12:28 . 2014-12-17 18:37	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-18 16:41 . 2013-09-17 21:46	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-18 16:41 . 2013-09-17 21:46	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 20:22 . 2013-09-17 19:40	128913832	----a-w-	c:\windows\system32\MRT.exe
2015-03-17 05:15 . 2014-12-17 18:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-03-17 05:15 . 2014-12-17 18:37	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 05:15 . 2014-12-17 18:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-17 04:56 . 2015-04-15 16:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-02-26 03:25 . 2015-03-11 18:07	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 16:26 . 2015-02-24 16:26	262544	----a-w-	c:\windows\system32\drivers\avchv.sys
2015-02-24 16:26 . 2015-02-24 16:26	84848	----a-w-	c:\windows\system32\bdsandboxuiskin.dll
2015-02-24 16:26 . 2015-02-24 16:26	1306464	----a-w-	c:\windows\system32\drivers\avc3.sys
2015-02-24 16:25 . 2015-02-24 16:25	74000	----a-w-	c:\windows\system32\bdsandboxuiskin32.dll
2015-02-24 16:24 . 2015-01-20 17:09	82824	----a-w-	c:\windows\system32\drivers\bdsandbox.sys
2015-02-24 16:24 . 2015-01-20 17:09	33360	----a-w-	c:\windows\system32\bdsandboxuh.dll
2015-02-24 16:24 . 2014-12-17 17:47	677104	----a-w-	c:\windows\system32\drivers\avckf.sys
2015-02-24 02:17 . 2013-09-17 18:53	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 18:10	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 18:10	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 18:10	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 18:10	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 18:10	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 18:10	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 18:10	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 18:10	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 18:10	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 18:10	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-13 05:22 . 2015-03-11 18:08	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-04 10:23 . 2015-02-04 10:23	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13	869536	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 18:04	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 18:04	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 18:10	693176	----a-w-	c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 18:10	94656	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 18:10	616360	----a-w-	c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 18:10	14632960	----a-w-	c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 18:10	782848	----a-w-	c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 18:10	229376	----a-w-	c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 18:07	1424896	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 18:08	215552	----a-w-	c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 18:09	5120	----a-w-	c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 18:09	5120	----a-w-	c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 18:09	63488	----a-w-	c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 18:10	1574400	----a-w-	c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 18:10	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 18:10	371712	----a-w-	c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 18:10	188416	----a-w-	c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 18:09	37376	----a-w-	c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 18:09	9728	----a-w-	c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 18:10	641024	----a-w-	c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 18:09	325632	----a-w-	c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 18:09	11264	----a-w-	c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 18:10	4121600	----a-w-	c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 18:10	432128	----a-w-	c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 18:09	206848	----a-w-	c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 18:10	631808	----a-w-	c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 18:09	284672	----a-w-	c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 18:10	1202176	----a-w-	c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 18:10	497664	----a-w-	c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 18:10	1480192	----a-w-	c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 18:10	140288	----a-w-	c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 18:10	1069056	----a-w-	c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 18:10	187904	----a-w-	c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 18:09	82432	----a-w-	c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 18:10	680960	----a-w-	c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 18:10	842240	----a-w-	c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 18:10	296448	----a-w-	c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 18:09	440832	----a-w-	c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 18:09	58880	----a-w-	c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 18:09	32256	----a-w-	c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 18:09	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 18:09	9728	----a-w-	c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 18:09	11264	----a-w-	c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 18:09	24576	----a-w-	c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 18:10	126464	----a-w-	c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 18:09	17920	----a-w-	c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 18:09	146944	----a-w-	c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 18:09	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 18:09	8704	----a-w-	c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 18:09	2048	----a-w-	c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 18:09	663552	----a-w-	c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 18:10	617984	----a-w-	c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 18:10	179200	----a-w-	c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 18:07	1230848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 18:08	171520	----a-w-	c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 18:09	4096	----a-w-	c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 18:09	4096	----a-w-	c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 18:10	1329664	----a-w-	c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 18:10	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 18:09	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 18:09	8192	----a-w-	c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 18:10	504320	----a-w-	c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 18:09	265216	----a-w-	c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 18:10	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 18:10	354816	----a-w-	c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 18:09	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 18:10	489984	----a-w-	c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 18:10	988160	----a-w-	c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 18:10	406016	----a-w-	c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 18:10	1174528	----a-w-	c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender-Geldbörse-Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-24 790880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 ZY760_64;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\DRIVERS\WlanUZ64.SYS;c:\windows\SYSNATIVE\DRIVERS\WlanUZ64.SYS [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 RrNetCapFilterDriver;RadioRip Filter Driver;c:\windows\system32\DRIVERS\RrNetCapFilterDriver.sys;c:\windows\SYSNATIVE\DRIVERS\RrNetCapFilterDriver.sys [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-06-28 13631704]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-04-06 1691112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.de/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\
FF - prefs.js: browser.search.selectedEngine - Bing
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-22  14:37:57
ComboFix-quarantined-files.txt  2015-04-22 12:37
ComboFix2.txt  2015-04-22 12:27
.
Vor Suchlauf: 18 Verzeichnis(se), 63.191.904.256 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 63.124.762.624 Bytes frei
.
- - End Of File - - 8C4A546D05CBADEB0162EDBD367E0085
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 23.04.2015, 07:37

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Sonic13 · 23.04.2015, 13:44

Hi,
mittlerweile ist es wieder so das die 3 virtualcloudnow-Meldungen wieder zusammen von Bitdenfender gemeldet werden. Gestern war es wie geschrieben nur eine und heute die anderen beiden zusammen. In einer steht in jedemfall etwas von Firefox.

hier nun alle Scans

Malware-Bytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.04.2015
Suchlauf-Zeit: 13:56:13
Logdatei: mbatxt.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.23.04
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346098
Verstrichene Zeit: 16 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Cleaner:

Code:

ATTFilter

# AdwCleaner v4.201 - Bericht erstellt 23/04/2015 um 14:20:32
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-22.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Michael - XXX-PC
# Gestarted von : C:\Users\Michael\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 de)


*************************

AdwCleaner[R0].txt - [1271 Bytes] - [20/04/2015 23:16:58]
AdwCleaner[R1].txt - [916 Bytes] - [23/04/2015 14:18:47]
AdwCleaner[S0].txt - [1339 Bytes] - [20/04/2015 23:19:27]
AdwCleaner[S1].txt - [837 Bytes] - [23/04/2015 14:20:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [895  Bytes] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Home Premium x64
Ran by Michael on 23.04.2015 at 14:27:00,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\v0lyuz82.default\minidumps [124 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.04.2015 at 14:30:08,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Michael (administrator) on XXX-PC on 23-04-2015 14:31:54
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available profiles: Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13631704 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-06] (Bitdefender)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3824867406-694797547-1926319732-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824867406-694797547-1926319732-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF Extension: Ghostery - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\firefox@ghostery.com.xpi [2015-04-21]
FF Extension: {66740287-d43f-4f7d-9a7e-d71d506065dd} - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\{66740287-d43f-4f7d-9a7e-d71d506065dd}.xpi [2014-12-04]
FF Extension: NoScript - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-20]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v0lyuz82.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-20]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-06] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-06] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 ZY760_64; C:\Windows\System32\DRIVERS\WlanUZ64.SYS [493696 2006-03-20] (ZyDAS Technology Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 14:31 - 2015-04-23 14:32 - 00010808 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-04-23 14:30 - 2015-04-23 14:30 - 00001326 _____ () C:\Users\Michael\Desktop\JRT.txt
2015-04-23 14:27 - 2015-04-23 14:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MICHAEL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-23 14:27 - 2015-04-23 14:27 - 00000000 ____D () C:\RegBackup
2015-04-23 14:24 - 2015-04-23 14:20 - 00000974 _____ () C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2015-04-23 14:17 - 2015-04-23 14:17 - 00001210 _____ () C:\Users\Michael\Desktop\mba.txt
2015-04-23 12:11 - 2015-04-21 13:48 - 02099712 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-04-23 12:08 - 2015-04-23 12:08 - 02685470 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2015-04-23 12:08 - 2015-04-23 12:08 - 02685470 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2015-04-23 12:07 - 2015-04-20 23:15 - 02217984 _____ () C:\Users\Michael\Desktop\AdwCleaner_4.201.exe
2015-04-23 11:58 - 2015-04-23 14:22 - 00000168 _____ () C:\Windows\setupact.log
2015-04-23 11:58 - 2015-04-23 11:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-22 14:37 - 2015-04-22 14:37 - 00021846 _____ () C:\ComboFix.txt
2015-04-22 14:16 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-22 14:16 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-22 14:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-22 14:10 - 2015-04-22 14:38 - 00000000 ____D () C:\Qoobox
2015-04-22 14:10 - 2015-04-22 14:26 - 00000000 ____D () C:\Windows\erdnt
2015-04-22 14:08 - 2015-04-22 14:08 - 05619466 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2015-04-21 13:51 - 2015-04-21 13:51 - 00019271 _____ () C:\Users\Michael\Downloads\Addition.txt
2015-04-21 13:50 - 2015-04-21 13:51 - 00073549 _____ () C:\Users\Michael\Downloads\FRST.txt
2015-04-21 13:49 - 2015-04-23 14:31 - 00000000 ____D () C:\FRST
2015-04-21 13:48 - 2015-04-21 13:48 - 02099712 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2015-04-21 12:47 - 2015-04-21 12:47 - 00002703 _____ () C:\Users\Michael\Desktop\Microsoft Office Word 2003.lnk
2015-04-20 23:16 - 2015-04-23 14:20 - 00000000 ____D () C:\AdwCleaner
2015-04-20 23:15 - 2015-04-20 23:15 - 02217984 _____ () C:\Users\Michael\Downloads\AdwCleaner_4.201.exe
2015-04-20 22:39 - 2015-04-20 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 19:08 - 2015-04-20 19:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-20 19:08 - 2015-04-20 19:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 18:39 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:39 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:39 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:39 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:39 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:38 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:38 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:38 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:38 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:38 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:38 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:38 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:38 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:38 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:38 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:38 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:38 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:38 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:38 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:38 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:38 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:38 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:38 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:38 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:38 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:38 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:38 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:38 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:37 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:37 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:37 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:37 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:37 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:36 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:36 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:36 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:36 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:36 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:36 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:36 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:36 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:36 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:36 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:36 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:36 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:36 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:36 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:36 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:36 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:36 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:36 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:36 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:36 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:36 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:36 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:36 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:36 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:36 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:36 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 18:35 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:35 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:35 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:35 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:35 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:35 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:35 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:35 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:35 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:35 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:35 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:35 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:35 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:35 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:35 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:35 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:35 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:35 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:35 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:35 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:35 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:35 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:35 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:35 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:35 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:35 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:35 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:35 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:35 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:35 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:35 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:35 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:35 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:34 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:34 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:34 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 18:02 - 2015-04-14 00:04 - 00000000 ____D () C:\Kat
2015-04-12 14:08 - 2015-04-12 14:19 - 00000000 ____D () C:\Fibo
2015-04-08 20:43 - 2015-04-13 18:01 - 00000000 ____D () C:\Fib
2015-04-06 14:23 - 2015-04-06 14:23 - 00160544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-04-04 16:05 - 2015-04-04 16:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:05 - 2015-04-04 16:05 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 14:30 - 2013-09-17 20:21 - 01103621 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 14:27 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 14:27 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 14:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 13:56 - 2014-12-17 20:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 13:45 - 2013-09-19 18:46 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-23 13:45 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-23 13:45 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-23 13:45 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 12:35 - 2014-04-07 23:02 - 00000000 ____D () C:\Users\Michael\dwhelper
2015-04-23 12:05 - 2014-12-17 20:37 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-23 12:05 - 2014-12-17 20:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-22 14:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-22 14:27 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-20 23:20 - 2013-10-08 16:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-20 19:08 - 2014-12-25 19:54 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-20 19:08 - 2014-08-20 13:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2015-04-20 19:07 - 2013-09-17 23:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-19 15:31 - 2014-12-19 15:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2015-04-19 14:41 - 2013-09-19 18:50 - 00000000 ____D () C:\Windows\Minidump
2015-04-18 18:41 - 2013-09-17 23:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-18 18:41 - 2013-09-17 23:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 17:17 - 2014-12-10 15:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:17 - 2014-04-23 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 17:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 22:25 - 2013-09-17 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 22:22 - 2013-09-17 21:40 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 09:37 - 2014-12-17 20:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-12-17 20:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-12-17 20:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 12:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-28 23:33 - 2015-02-16 14:07 - 00000000 ____D () C:\vom Stick

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 14:48

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Michael at 2015-04-23 14:33:07
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
Ashampoo Photo Card v.1.0.0 (HKLM-x32\...\{C92AB6F1-EC2E-85C8-C6D7-5BB8C2F89C7F}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Audials (HKLM-x32\...\{B3E99777-3515-4B50-B9FB-EB5E8E750F92}) (Version: 11.0.51800.0 - Audials AG)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2008.4.0.143 - MaierSoft)
Unity Web Player (HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Ihr Firmenname)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-04-2015 18:34:34 Windows Update
15-04-2015 22:19:12 Windows Update
21-04-2015 12:27:35 Windows Update
23-04-2015 13:40:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-22 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D93FC08-CD24-43CC-871D-8686F79676C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {58B55D4B-F475-4A0E-AB3F-F6594DB694D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8AD3E8D1-0F76-43E0-AC57-AA8D0C3036FC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {D75B1A13-A221-4578-A9EF-B8B2F8151DBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E110D2B2-10F1-47A6-9E64-4924F8DB4AB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {EA8339EB-3CEE-45A1-9334-E7917CDDE480} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

==================== Loaded Modules (whitelisted) ==============

2014-12-17 19:47 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-17 19:47 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-16 21:49 - 2014-11-19 21:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-17 19:48 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-20 16:32 - 2015-04-20 16:32 - 00789856 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpbr.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 00710016 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpdsp.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 02683008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpph.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 01325480 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttprbl.mdl

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michael\Desktop\AdwCleaner_4.201.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\AdwCleaner_4.201.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\AudialsOne11_CBE.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\pdf24-creator-6.3.2.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3824867406-694797547-1926319732-500 - Administrator - Disabled)
Gast (S-1-5-21-3824867406-694797547-1926319732-501 - Limited - Disabled)
Michael (S-1-5-21-3824867406-694797547-1926319732-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (04/22/2015 01:59:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3684) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003D.log.


System errors:
=============
Error: (04/23/2015 02:27:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X86" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BrYNSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (04/22/2015 01:59:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3684Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003D.log-1811


CodeIntegrity Errors:
===================================
  Date: 2015-04-22 14:23:59.997
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-22 14:23:59.918
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 54%
Total physical RAM: 4095.18 MB
Available physical RAM: 1867.16 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 5904.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:184.79 GB) (Free:106.9 GB) NTFS
Drive m: (Volume) (Fixed) (Total:150.46 GB) (Free:2.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335.4 GB) (Disk ID: DBFB8ACA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Grüße
Sonic

schrauber · 24.04.2015, 07:53

Kannst Du von der Meldung mal bitte einen Screenshot machen?

Sonic13 · 24.04.2015, 11:48

Hi,
wie mache ich einen Screenshot und kriege ihn in das Feld hier? Ich weiß dumme Frage. mit Druck und dann einfügen hat es hier nicht funktioniert.

ich schreibe Dir gerne den Text von einer der 3 Nachrichten:

Die Webseite hxxp://bw9210.virtualcloudnow.com/users/b721b873-aeff-4fae-b7c3-29cd404ef4ba/extensions ist mit Malware infiziert. Die Webseite wurde durch den Malware Filter blockiert und Ihr PC ist wieder sicher.
Das ist eine von 3 Meldungen und die zweite ist indentisch außer das extensions am Ende fehlt.

Ich kann Dir noch den englischen Text den ich zu virtualcloudnow.com gefunden habe hier einkopieren wenn Dir das hilft?

Gruß

Sonic

schrauber · 24.04.2015, 15:50

Passt schon.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Sonic13 · 24.04.2015, 19:45

Hi Schrauber,

bevor ich Firefox deinstalliert habe, hat Bitdefender wohl ein Update geladen als ich Firefox dann aufgerufen habe, kam keine Virtualclownow Meldung. Nach Deinstallation und Neuinstallation + Restaurierung ist beim erneuten Öffnen keine Meldung gekommen.
Eset hat etwas gefunden.

hier nun die Scans:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f62177ee84a5e41a63a1086bd37e337
# engine=23546
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-24 06:23:09
# local_time=2015-04-24 08:23:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2066 16777213 85 100 4944 133745098 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5323 181529639 0 0
# scanned=186401
# found=1
# cleaned=0
# scan_time=4745
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Nutzprogramme\PDFCreator-1_7_1_setup.exe"

Security Check:

Code:

ATTFilter

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (37.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Michael (administrator) on XXX-PC on 24-04-2015 20:32:19
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available profiles: XXX)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13631704 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-06] (Bitdefender)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3824867406-694797547-1926319732-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pgzajnu0.default-1429894666843
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824867406-694797547-1926319732-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-06] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-06] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 ZY760_64; C:\Windows\System32\DRIVERS\WlanUZ64.SYS [493696 2006-03-20] (ZyDAS Technology Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 20:32 - 2015-04-24 20:32 - 00010581 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-04-24 20:31 - 2015-04-24 20:31 - 00000849 _____ () C:\Users\Michael\Desktop\checkup.txt
2015-04-24 19:01 - 2015-04-24 19:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-24 18:57 - 2015-04-24 18:57 - 00000000 ____D () C:\Users\Michael\Desktop\Alte Firefox-Daten
2015-04-24 18:51 - 2015-04-24 18:51 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-24 18:51 - 2015-04-24 18:51 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-24 18:51 - 2015-04-24 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 18:51 - 2015-04-24 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 18:44 - 2015-04-24 18:44 - 00001264 _____ () C:\Users\Michael\Desktop\Revo Uninstaller.lnk
2015-04-24 18:44 - 2015-04-24 18:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-24 18:41 - 2015-04-24 18:41 - 02347384 _____ (ESET) C:\Users\Michael\Desktop\esetsmartinstaller_deu.exe
2015-04-24 18:41 - 2015-04-24 18:41 - 00852616 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe
2015-04-24 18:40 - 2015-04-24 18:40 - 40676944 _____ () C:\Users\Michael\Downloads\FirefoxSetup37.0.1.exe
2015-04-24 18:39 - 2015-04-24 18:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michael\Desktop\revosetup95.exe
2015-04-24 18:32 - 2015-04-24 18:32 - 00000056 _____ () C:\Windows\setupact.log
2015-04-24 18:32 - 2015-04-24 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-23 14:30 - 2015-04-23 14:30 - 00001326 _____ () C:\Users\Michael\Desktop\JRT.txt
2015-04-23 14:27 - 2015-04-23 14:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MICHAEL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-23 14:27 - 2015-04-23 14:27 - 00000000 ____D () C:\RegBackup
2015-04-23 14:24 - 2015-04-23 14:20 - 00000974 _____ () C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2015-04-23 14:17 - 2015-04-23 14:17 - 00001210 _____ () C:\Users\Michael\Desktop\mba.txt
2015-04-23 12:11 - 2015-04-21 13:48 - 02099712 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-04-23 12:08 - 2015-04-23 12:08 - 02685470 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2015-04-23 12:07 - 2015-04-20 23:15 - 02217984 _____ () C:\Users\Michael\Desktop\AdwCleaner_4.201.exe
2015-04-22 14:37 - 2015-04-22 14:37 - 00021846 _____ () C:\ComboFix.txt
2015-04-22 14:16 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-22 14:16 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-22 14:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-22 14:16 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-22 14:10 - 2015-04-22 14:38 - 00000000 ____D () C:\Qoobox
2015-04-22 14:10 - 2015-04-22 14:26 - 00000000 ____D () C:\Windows\erdnt
2015-04-22 14:08 - 2015-04-22 14:08 - 05619466 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2015-04-21 13:51 - 2015-04-21 13:51 - 00019271 _____ () C:\Users\Michael\Downloads\Addition.txt
2015-04-21 13:50 - 2015-04-21 13:51 - 00073549 _____ () C:\Users\Michael\Downloads\FRST.txt
2015-04-21 13:49 - 2015-04-24 20:32 - 00000000 ____D () C:\FRST
2015-04-21 12:47 - 2015-04-21 12:47 - 00002703 _____ () C:\Users\Michael\Desktop\Microsoft Office Word 2003.lnk
2015-04-20 23:16 - 2015-04-23 14:20 - 00000000 ____D () C:\AdwCleaner
2015-04-20 23:15 - 2015-04-20 23:15 - 02217984 _____ () C:\Users\Michael\Downloads\AdwCleaner_4.201.exe
2015-04-20 19:08 - 2015-04-20 19:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-20 19:08 - 2015-04-20 19:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 18:39 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:39 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:39 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:39 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:39 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:39 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:39 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:38 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:38 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:38 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:38 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:38 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:38 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:38 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:38 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:38 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:38 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:38 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:38 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:38 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:38 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:38 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:38 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:38 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:38 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:38 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:38 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:38 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:38 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:38 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:38 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:38 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:38 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:38 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:38 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:38 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:37 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:37 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:37 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:37 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:37 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:37 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:36 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:36 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:36 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:36 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:36 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:36 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:36 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:36 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:36 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:36 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:36 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:36 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:36 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:36 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:36 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:36 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:36 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:36 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:36 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:36 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:36 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:36 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:36 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:36 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:36 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:36 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 18:35 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:35 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:35 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:35 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:35 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:35 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:35 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:35 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:35 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:35 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:35 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:35 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:35 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:35 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:35 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:35 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:35 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:35 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:35 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:35 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:35 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:35 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:35 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:35 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:35 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:35 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:35 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:35 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:35 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:35 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:35 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:35 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:35 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:34 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:34 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:34 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 18:02 - 2015-04-14 00:04 - 00000000 ____D () C:\Kat
2015-04-12 14:08 - 2015-04-12 14:19 - 00000000 ____D () C:\Fibo
2015-04-08 20:43 - 2015-04-13 18:01 - 00000000 ____D () C:\Fib
2015-04-06 14:23 - 2015-04-06 14:23 - 00160544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-04-04 16:05 - 2015-04-04 16:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 16:05 - 2015-04-04 16:05 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 20:24 - 2013-09-17 20:21 - 01187072 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 18:40 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 18:40 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 18:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 13:56 - 2014-12-17 20:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 13:45 - 2013-09-19 18:46 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-23 13:45 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-23 13:45 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-23 13:45 - 2009-07-14 07:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 12:35 - 2014-04-07 23:02 - 00000000 ____D () C:\Users\Michael\dwhelper
2015-04-23 12:05 - 2014-12-17 20:37 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-23 12:05 - 2014-12-17 20:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-22 14:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-22 14:27 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-20 19:08 - 2014-12-25 19:54 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-20 19:08 - 2014-08-20 13:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2015-04-20 19:07 - 2013-09-17 23:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-19 15:31 - 2014-12-19 15:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2015-04-19 14:41 - 2013-09-19 18:50 - 00000000 ____D () C:\Windows\Minidump
2015-04-18 18:41 - 2013-09-17 23:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-18 18:41 - 2013-09-17 23:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 17:17 - 2014-12-10 15:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:17 - 2014-04-23 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 17:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 22:25 - 2013-09-17 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 22:22 - 2013-09-17 21:40 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 09:37 - 2014-12-17 20:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-12-17 20:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-12-17 20:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 12:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-28 23:33 - 2015-02-16 14:07 - 00000000 ____D () C:\vom Stick

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 14:48

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Michael at 2015-04-24 20:33:26
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Disabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
Ashampoo Photo Card v.1.0.0 (HKLM-x32\...\{C92AB6F1-EC2E-85C8-C6D7-5BB8C2F89C7F}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Audials (HKLM-x32\...\{B3E99777-3515-4B50-B9FB-EB5E8E750F92}) (Version: 11.0.51800.0 - Audials AG)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2008.4.0.143 - MaierSoft)
Unity Web Player (HKU\S-1-5-21-3824867406-694797547-1926319732-1000\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Ihr Firmenname)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-04-2015 18:34:34 Windows Update
15-04-2015 22:19:12 Windows Update
21-04-2015 12:27:35 Windows Update
23-04-2015 13:40:35 Windows Update
24-04-2015 18:46:36 Revo Uninstaller's restore point - Mozilla Firefox 37.0.2 (x86 de)
24-04-2015 18:49:04 Revo Uninstaller's restore point - Mozilla Firefox 37.0.2 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-22 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D93FC08-CD24-43CC-871D-8686F79676C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {58B55D4B-F475-4A0E-AB3F-F6594DB694D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8AD3E8D1-0F76-43E0-AC57-AA8D0C3036FC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {D75B1A13-A221-4578-A9EF-B8B2F8151DBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E110D2B2-10F1-47A6-9E64-4924F8DB4AB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {EA8339EB-3CEE-45A1-9334-E7917CDDE480} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

==================== Loaded Modules (whitelisted) ==============

2014-12-17 19:47 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-17 19:47 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-16 21:49 - 2014-11-19 21:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-17 19:48 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-20 16:32 - 2015-04-20 16:32 - 00789856 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpbr.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 00710016 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpdsp.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 02683008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttpph.mdl
2015-04-20 16:32 - 2015-04-20 16:32 - 01325480 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_004\ashttprbl.mdl
2013-09-18 00:13 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-08 17:47 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michael\Desktop\AdwCleaner_4.201.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\esetsmartinstaller_deu.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\revosetup95.exe:BDU
AlternateDataStreams: C:\Users\Michael\Desktop\SecurityCheck.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\AdwCleaner_4.201.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\AudialsOne11_CBE.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\FirefoxSetup37.0.1.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\pdf24-creator-6.3.2.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3824867406-694797547-1926319732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3824867406-694797547-1926319732-500 - Administrator - Disabled)
Gast (S-1-5-21-3824867406-694797547-1926319732-501 - Limited - Disabled)
Michael (S-1-5-21-3824867406-694797547-1926319732-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2015 08:26:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/24/2015 07:01:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/24/2015 07:01:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/24/2015 07:01:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/24/2015 06:43:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/24/2015 06:43:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (04/23/2015 02:27:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X86" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 02:27:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BrYNSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/24/2015 08:26:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/24/2015 07:01:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Desktop\esetsmartinstaller_deu.exe

Error: (04/24/2015 07:01:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Desktop\esetsmartinstaller_deu.exe

Error: (04/24/2015 07:01:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Desktop\esetsmartinstaller_deu.exe

Error: (04/24/2015 06:43:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Desktop\esetsmartinstaller_deu.exe

Error: (04/24/2015 06:43:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Downloads\esetsmartinstaller_deu.exe

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2015 01:59:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer


CodeIntegrity Errors:
===================================
  Date: 2015-04-22 14:23:59.997
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-22 14:23:59.918
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 52%
Total physical RAM: 4095.18 MB
Available physical RAM: 1937.53 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 5895.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:184.79 GB) (Free:103.64 GB) NTFS
Drive m: (Volume) (Fixed) (Total:150.46 GB) (Free:2.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335.4 GB) (Disk ID: DBFB8ACA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gruß

Sonic

schrauber · 25.04.2015, 15:00

Also das Problem ist weg?

Sonic13 · 25.04.2015, 15:10

Ja seit gestern abend( wie schon geschrieben) und heute bis jetzt auch nicht wieder aufgetreten.

Grüße

schrauber · 26.04.2015, 06:27

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Sonic13 · 26.04.2015, 13:03

Hi Schrauber,

ich kann Combofix nicht deinstallieren. Wenn ich combofix/unistall im Ausführenfenster eintippe bekomme ich die Meldung combofix/unistall konnte nicht gefunden werden.

Ich hatte Combix ja zuerst in meinen Download Ordner drin und von da auf den Desktop verschoben.

Was nun?

Außerdem meldet Firefox wenn ich die Konfigurierungsseite meines Routers aufrufen möchte. Dieser Verbindung wird nicht vertraut. Unter Fehler steht dann Zertifikat ist am "Datum" "Uhrzeit" abgelaufen Fehler: sec_error_expired_certificate.

Da meine Lesezeichen ja bei der Deinstallation von Firefox gelöscht worden sind, kann ich Lesezeichen die ich vor einem Monat gespeichert habe dafür einkopieren?

Gruß

Sonic

Hallo Schrauber,

Combofix habe ich deinstalliert bekommen. Ich hatte das leerzeichen hinter Combofix vergessen.

Allerdings ist die Deinstallation mit DelFix gründlich in die Hose gegangen.(Schreibe deshalb gerade vom PC meines Cousins) Habe wie in der Anleitung einen Haken hinter jede Funktion gesetzt und auf Start gedrückt. Alle Desktopsymbole sind verschwunden wie auch Alle Status und Symbolleisten von Windows. Ich habe quasi nur noch das Hintergrundbild und die Bitdefender Anzeige.
Während der Delfix Ausführung hat Bitdefender folgendes Popup geöffnet "Desinfektion wird ausgeführt" Die erkannte Bedrohnung wird gerade desinfiziert. Bitte Warten Sie bis der Vorgang ageschlossen ist.
Dann zeigte Bitdefender nach ein paar Minuten 10 Meldungen an u.a. Bitdefender hat die Anwendung delfix_10.9.exe als möglicherweise schädlich erkannt und den folgende Aktion blockiert. Das Verhalten der Anwendung könnte Ihrem Computer schaden.

Bei den anderen 9 Meldungen gibt es von Bitdefender nach der Meldungen "Diese Element wurde zu ihrem Schutz desinfiziert" die Auswahl Originaldatei wiederherstellen oder löschen.

Hilfe was nun?

24.04.2015, 07:53	#8
schrauber /// the machine /// TB-Ausbilder	Bitdefender meldet nach jeden Firefox öffnen virtualcloudnow.com Malware Kannst Du von der Meldung mal bitte einen Screenshot machen? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

25.04.2015, 15:00	#12
schrauber /// the machine /// TB-Ausbilder	Bitdefender meldet nach jeden Firefox öffnen virtualcloudnow.com Malware Also das Problem ist weg? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Bitdefender meldet nach jeden Firefox öffnen virtualcloudnow.com Malware

Plagegeister aller Art und deren Bekämpfung: Bitdefender meldet nach jeden Firefox öffnen virtualcloudnow.com Malware