Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Schädlinge trotz mehrfacher Scans (https://www.trojaner-board.de/167276-schaedlinge-trotz-mehrfacher-scans.html)

HtHNightwolf 26.05.2015 09:24
Schädlinge trotz mehrfacher Scans
 
Hallo liebes Trojaner-Board Team,

ich habe einen PC hier, der sich durch irgendeinen Email-Anhang wohl eine ganze Rige an Schädlingen eingefangen hatte.
Gescannt haben wir bereits mit:
Trend Micro
MBAM
JRST
Adware Cleaner
ESET

Gefunden und gekillt haben die alle reichlich, dennoch schließt RKILL bei jedem Start noch Prozesse. Könnt ihr mir helfen, bitte, die verbliebenen Halunken zur Strecke zu bringen? :rolleyes:

Ein FRST Log und die Addition hänge ich an.


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by ts (administrator) on WS15 on 26-05-2015 09:22:42
Running from C:\Users\ts2\Desktop
Loaded Profiles: ts (Available Profiles: Test & ts_old & ts & Administrator & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TightVNC Group) C:\Program Files (x86)\TightVNC\WinVNC.exe
(RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [OfficeScanNT Monitor] =>  -HideWindow
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1362624 2010-08-12] (Trend Micro Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [InstallShieldSetup] => C:\Program Files (x86)\InstallShield Installation Information\VERLAG C_H_ BECK M_NCHENER VERTRAGSHANDBUCH EDITION 7 C 7_0\setup.exe [121064 2005-11-14] (Macrovision Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\508\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20.exe [1064872 2007-02-23] (Microsoft Corporation)
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Control Panel\Desktop\\SCRNSAVE.EXE ->
CHR HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-23] (Nuance Communications, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-23] (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.96.1

FireFox:
========
FF ProfilePath: C:\Users\ts2\AppData\Roaming\Mozilla\Firefox\Profiles\4y90kgis.default-1432305455912
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-23] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-23] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-2516187649-2465164387-518761543-1193: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ts2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-29] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-02] (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-05-18]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2013-03-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [73728 2007-06-11] (OLYMPUS IMAGING CORP.) []
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) []
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [2024896 2010-08-04] (Trend Micro Inc.)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [176128 2010-02-26] (OLYMPUS IMAGING CORP.) []
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) []
S4 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [3644200 2011-06-24] (StorageCraft Technology Corporation)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [2354224 2010-08-04] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917768 2010-04-24] (Trend Micro Inc.)
S4 VSNAPVSS; C:\Windows\SysWOW64\vsnapvss.exe [72488 2011-06-24] (StorageCraft Technology Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 winvnc; C:\Program Files (x86)\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group) []
R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1261056 2010-07-23] (C-Media Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S1 ntiomin; No ImagePath
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2011-06-24] (StorageCraft Technology Corporation)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [276264 2011-06-24] (StorageCraft Technology Corporation)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108048 2010-04-24] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 09:18 - 2015-05-26 09:18 - 00000000 ____D () C:\Users\ts2\Downloads\FRST-OlderVersion
2015-05-26 08:53 - 2015-05-26 08:58 - 00002676 _____ () C:\Users\ts2\Desktop\Rkill.txt
2015-05-22 16:37 - 2015-05-22 16:37 - 00000000 ____D () C:\Users\ts2\Desktop\Alte Firefox-Daten
2015-05-22 16:36 - 2015-05-22 16:36 - 00238915 _____ () C:\Users\ts2\Desktop\bookmarks.html
2015-05-22 16:36 - 2015-05-22 16:36 - 00168504 _____ () C:\Users\ts2\Desktop\bookmarks-2015-05-22.json
2015-05-22 15:54 - 2015-05-26 09:20 - 00038426 _____ () C:\Users\ts2\Downloads\Addition.txt
2015-05-22 15:52 - 2015-05-26 09:23 - 00022018 _____ () C:\Users\ts2\Desktop\FRST.txt
2015-05-22 15:52 - 2015-05-26 09:22 - 00000000 ____D () C:\FRST
2015-05-22 15:50 - 2015-05-26 09:18 - 02108928 _____ (Farbar) C:\Users\ts2\Desktop\FRST64.exe
2015-05-22 12:32 - 2015-05-22 12:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-22 10:39 - 2015-05-22 10:39 - 00000000 ____D () C:\Users\ts2\AppData\Roaming\VSRevoGroup
2015-05-22 10:22 - 2015-05-22 10:22 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\ts2\Downloads\WinIOgOn64-27427.exe
2015-05-22 10:06 - 2015-05-22 10:06 - 00001270 _____ () C:\Users\ts2\Desktop\Revo Uninstaller.lnk
2015-05-22 10:06 - 2015-05-22 10:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-22 09:42 - 2015-05-22 09:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ts2\Downloads\revosetup.exe
2015-05-22 09:26 - 2015-05-22 09:26 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Year-investigate
2015-05-22 09:25 - 2015-05-22 09:26 - 02209792 _____ () C:\Users\ts2\Downloads\adwcleaner_4.205.exe
2015-05-22 08:46 - 2015-05-22 08:46 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\ts2\Downloads\WinIOgOn64.exe
2015-05-20 15:48 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 15:47 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 15:41 - 2015-04-10 18:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-20 15:41 - 2015-04-10 18:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-20 15:41 - 2015-04-10 18:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-20 15:41 - 2015-04-10 18:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-20 15:41 - 2015-04-10 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-20 15:41 - 2015-04-10 18:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-20 15:41 - 2015-04-10 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-20 15:41 - 2015-04-10 18:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-20 15:41 - 2015-04-10 18:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-20 15:41 - 2015-04-10 18:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-20 15:41 - 2015-04-10 18:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-20 15:41 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-20 15:41 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-20 15:41 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-20 15:41 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-20 15:41 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-20 15:41 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-20 15:41 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-20 15:41 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-20 15:41 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-20 15:41 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-20 15:40 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-20 15:40 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-20 15:40 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-20 15:40 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-20 15:40 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-20 15:40 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-20 15:40 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-20 15:40 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-20 15:40 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-20 15:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-20 15:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-20 15:39 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-20 15:39 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-20 15:39 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-20 15:39 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-20 15:39 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-20 15:39 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-20 15:39 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-20 15:39 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-20 15:39 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-20 15:39 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-20 15:39 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-20 15:39 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-20 15:39 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-20 15:39 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-20 15:39 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-20 15:39 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-20 15:39 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-20 15:39 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-20 15:39 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-20 15:39 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-20 15:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-20 15:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-20 15:38 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-20 15:38 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-20 15:38 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-20 15:38 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-20 15:38 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-20 15:38 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-20 15:38 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-20 15:38 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-20 15:38 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-20 15:38 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-20 15:38 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-20 15:38 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-20 15:38 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-20 15:38 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-20 15:38 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-20 15:38 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-20 15:37 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-20 15:37 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-20 15:37 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-20 15:37 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-20 15:37 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-20 15:37 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-20 15:37 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-20 15:27 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-20 15:27 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-20 15:27 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-20 15:27 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-20 15:27 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-20 15:27 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-20 15:27 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-20 15:24 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-20 15:24 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-20 15:24 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-20 13:15 - 2015-05-20 13:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WS15-Windows-7-Professional-(64-bit).dat
2015-05-20 13:14 - 2015-05-20 13:14 - 00000000 ____D () C:\RegBackup
2015-05-20 12:09 - 2015-05-20 12:09 - 02953520 _____ (AVAST Software) C:\Users\ts2\Downloads\avast-browser-cleanup_9.0.0.224.exe
2015-05-20 12:09 - 2015-05-20 12:09 - 02720307 _____ (Thisisu) C:\Users\ts2\Downloads\JRT_6.7.0.exe
2015-05-20 09:41 - 2015-05-20 09:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\ts2\Downloads\WinIOgOn.exe
2015-05-20 09:00 - 2015-05-22 10:13 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Standard-fly
2015-05-20 09:00 - 2015-05-20 09:00 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Year-earn
2015-05-20 08:38 - 2015-05-20 08:38 - 00000015 _____ () C:\Windows\ዞ
2015-05-19 14:20 - 2015-05-19 14:20 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Potatoestimate
2015-05-19 08:51 - 2015-05-20 08:40 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Year-league
2015-05-19 08:50 - 2015-05-19 08:50 - 00000015 _____ () C:\Windows\犗
2015-05-19 08:50 - 2015-05-19 08:50 - 00000015 _____ () C:\Windows\瀠
2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 09:26 - 2015-05-22 10:18 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 09:26 - 2015-05-18 09:26 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 09:26 - 2015-05-18 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 09:26 - 2015-05-18 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 09:26 - 2015-05-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 09:26 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 09:26 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 09:26 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 09:22 - 2015-05-18 09:22 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ts2\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-18 09:02 - 2015-05-22 10:13 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Bench-closet
2015-05-18 08:31 - 2015-05-18 08:32 - 00000044 _____ () C:\Windows\뱵띦暼疷WINDOWS
2015-05-15 14:02 - 2015-05-15 14:03 - 00000044 _____ () C:\Windows\뱶暼盬WINDOWS
2015-05-15 10:18 - 2015-05-15 13:46 - 00000000 ____D () C:\Users\ts2\Desktop\Diktate
2015-05-15 08:26 - 2015-05-18 08:31 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Potato-remind
2015-05-15 08:14 - 2015-05-15 08:15 - 00000044 _____ () C:\Windows\뱶䭦暼癋WINDOWS
2015-05-13 14:00 - 2015-05-13 14:00 - 02347384 _____ (ESET) C:\Users\ts2\Downloads\esetsmartinstaller_deu.exe
2015-05-13 13:23 - 2015-05-13 13:24 - 00000044 _____ () C:\Windows\뱴暼瓠WINDOWS
2015-05-13 10:11 - 2015-05-13 10:12 - 00000044 _____ () C:\Windows\뱵葦暼疄WINDOWS
2015-05-13 10:06 - 2015-05-13 10:07 - 00000044 _____ () C:\Windows\뱶⁦暼瘠WINDOWS
2015-05-13 08:52 - 2015-05-13 08:52 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Fatrelate
2015-05-13 08:22 - 2015-05-15 08:14 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Yearnose
2015-05-13 08:16 - 2015-05-13 08:17 - 00000044 _____ () C:\Windows\뱵०暼甉WINDOWS
2015-05-11 09:24 - 2015-05-11 09:25 - 00000044 _____ () C:\Windows\뱵쥦暼痉WINDOWS
2015-05-11 08:19 - 2015-05-11 08:21 - 00000044 _____ () C:\Windows\뱶䵦暼癍WINDOWS
2015-05-08 08:49 - 2015-05-18 10:29 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Standard-juice
2015-05-08 08:48 - 2015-05-08 08:49 - 00000044 _____ () C:\Windows\뱶屦暼癜WINDOWS
2015-05-07 09:06 - 2015-05-22 08:44 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Thanks_cancel
2015-05-06 15:32 - 2015-05-06 15:32 - 00000000 ____D () C:\Users\ts2\Desktop\Bilder
2015-05-05 13:19 - 2015-05-05 13:19 - 00000026 _____ () C:\Windows\upathÄÿÿÿM
2015-05-05 09:48 - 2015-05-13 08:16 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Fatexist
2015-05-04 08:46 - 2015-05-05 08:53 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Fataccount

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 09:18 - 2011-08-23 10:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 09:16 - 2013-08-06 17:18 - 00000000 ____D () C:\Rumpelsti
2015-05-26 09:16 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 09:16 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 09:11 - 2011-02-01 17:40 - 01571393 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 08:49 - 2012-04-05 08:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 08:48 - 2011-02-09 12:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974517230-1633706893-2555009689-1171UA.job
2015-05-26 08:46 - 2011-02-02 12:32 - 00008822 _____ () C:\Windows\cfgall.ini
2015-05-26 08:45 - 2011-02-02 18:55 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-05-26 08:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 08:40 - 2011-02-01 18:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-26 08:40 - 2009-07-14 06:51 - 00115730 _____ () C:\Windows\setupact.log
2015-05-22 12:28 - 2011-09-06 16:09 - 00003391 _____ () C:\Windows\TMFilter.log
2015-05-22 12:12 - 2011-02-01 18:12 - 00368252 _____ () C:\Windows\PFRO.log
2015-05-22 11:50 - 2011-02-09 12:43 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974517230-1633706893-2555009689-1171Core.job
2015-05-22 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-22 08:46 - 2013-10-31 15:51 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-22 08:45 - 2014-06-20 16:11 - 00240176 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-05-20 16:30 - 2009-07-14 19:58 - 00811018 _____ () C:\Windows\system32\perfh007.dat
2015-05-20 16:30 - 2009-07-14 19:58 - 00189980 _____ () C:\Windows\system32\perfc007.dat
2015-05-20 16:30 - 2009-07-14 07:13 - 01908646 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 16:22 - 2012-05-09 15:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-20 16:22 - 2012-05-09 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-20 16:22 - 2009-07-14 06:45 - 00454136 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-20 16:19 - 2015-01-13 17:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-20 16:19 - 2014-05-09 15:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-20 16:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-20 16:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-20 16:17 - 2011-02-02 11:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-20 16:17 - 2009-07-14 04:34 - 00002194 _____ () C:\Windows\win.ini
2015-05-20 16:11 - 2011-02-04 16:56 - 01881990 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-20 16:09 - 2013-08-09 14:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-20 15:47 - 2012-05-09 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-20 14:28 - 2011-05-04 09:45 - 00000000 ____D () C:\Users\ts2\Desktop\Privat
2015-05-19 17:14 - 2011-02-04 18:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-19 17:10 - 2011-02-02 12:10 - 00000753 _____ () C:\Windows\DictaNet.ini
2015-05-19 09:48 - 2011-05-04 10:34 - 00004155 _____ () C:\Users\ts2\AppData\Roaming\SAS7_000.DAT
2015-05-19 09:13 - 2011-08-23 10:11 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 09:13 - 2011-08-23 10:11 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 09:13 - 2011-08-23 10:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 08:38 - 2012-04-30 08:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 10:35 - 2014-08-15 10:25 - 00000000 ____D () C:\Users\ts2\AppData\Local\Adobe
2015-05-18 10:35 - 2012-04-05 08:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 10:35 - 2012-04-05 08:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-18 10:35 - 2011-09-29 13:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-15 08:30 - 2014-10-13 08:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-30 10:07 - 2011-02-01 18:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-09-26 10:59 - 2004-03-01 21:58 - 0561424 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\dao360.dll
2011-05-04 10:34 - 2015-05-19 09:48 - 0004155 _____ () C:\Users\ts2\AppData\Roaming\SAS7_000.DAT
2012-02-20 15:11 - 2012-02-20 15:11 - 0000003 _____ () C:\Users\ts2\AppData\Local\Bekannte Tresore.txt
2011-08-26 13:34 - 2011-08-26 13:34 - 0007602 _____ () C:\Users\ts2\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\ts2\AppData\Local\Temp\ose00000.exe
C:\Users\ts2\AppData\Local\Temp\_is539D.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 10:41

==================== End of log ============================




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by ts at 2015-05-26 09:23:35
Running from C:\Users\ts2\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3492041919-3848507663-3309951301-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3492041919-3848507663-3309951301-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Becksches Formularbuch Bürgerliches, Handels- und Wirtschaftsrecht (HKLM-x32\...\Becksches Formularbuch Bürgerliches, Handels- und Wirtschaftsrecht) (Version:  - )
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM-x32\...\{7121136B-462F-46F7-8FC0-6A35E8DC2D5B}) (Version: 4.3.77 - DataDesign)
DDBAC (HKLM-x32\...\{88A0F52F-A024-4268-977E-E75B1F9C67ED}) (Version: 5.3.28 - DataDesign)
DDBAC (HKLM-x32\...\{CC12DCBF-D85B-45B1-9366-8C3F708B362E}) (Version: 4.3.49 - DataDesign)
DictaNet Mobile Player (HKLM-x32\...\DictaNet Mobile Player) (Version:  - )
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GNU Backgammon (Version 1_02_000, 20130728) (HKLM-x32\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist 8.0.0.508 (HKLM-x32\...\GoToAssist) (Version:  - )
GPS Master 2.0.14 (HKLM-x32\...\GPS Master_is1) (Version: 1.0 - GPS Master)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B0-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 DEU (HKLM\...\{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Surface 2.0 Runtime (HKLM-x32\...\{69C2B39D-F060-49AD-8877-01C4144A8424}) (Version: 2.0.21114.00 - Microsoft Corporation)
Microsoft Surface Toolkit Runtime for Windows Touch Beta (HKLM-x32\...\{788755AD-6DD7-4736-9CA9-24B05D87845C}) (Version: 1.5.10404.01 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) DEU  (HKLM-x32\...\{E6415AEF-3B3E-43FF-AD3A-0258D854E7D6}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) DEU  (HKLM-x32\...\{E90A1941-4989-4172-AB5C-DBCB02202A84}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) DEU  (HKLM-x32\...\{D0F06337-3406-4162-9990-7853DCE4F345}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) DEU  (HKLM-x32\...\{349B4707-5F45-49EB-9A9D-8F89C94355F2}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{D95B72D8-DE21-3DAE-B2C5-B1EE64EEBEFA}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
Olympus DSS Player Pro (HKLM-x32\...\{8E35083D-B04F-4823-A260-C07FDD3D40FD}) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OVS Formularpraxis (HKLM-x32\...\{49CB6744-E778-406C-91CD-F583B9AF4656}) (Version: 2.0.0.0 - Verlag Dr. Otto Schmidt)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.269.0 - Tracker Software Products Ltd)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.162.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RA-MICRO Deinstallation (HKLM-x32\...\ra-micro Deinstallation) (Version:  - RA-MICRO GmbH & Co. KGaA)
RA-MICRO E-Akte (HKLM-x32\...\{DE6EAF75-5C96-4C8E-8009-99A83326E3E4}) (Version: 2.08.0000 - RA-MICRO Software GmbH)
RA-MICRO Elster (HKLM-x32\...\{EC15998D-5C48-43D9-B5A6-43085531B31C}) (Version: 4.25.0000 - RA-MICRO GmbH & Co KGaA)
RA-MICRO Festplattenbelegung (HKLM-x32\...\{76DA699C-A2D1-4430-8ACA-1547ADC2D7B3}) (Version: 1.06.0008 - RA-MICRO Software GmbH)
RA-MICRO Infragistics 10.3 (HKLM-x32\...\{2592ACCF-8D9B-4CF8-B791-16A94A8A75B8}) (Version: 10.01.30101 - RA-MICRO Software GmbH)
RA-MICRO Leadtools (HKLM-x32\...\{DE726A89-0BF3-433D-B975-4201BF2E8156}) (Version: 2.01.0000 - RA-MICRO Software GmbH)
RA-MICRO Programmdateien (HKLM-x32\...\RA-MICRO Programmdateien) (Version:  - )
RA-MICRO Systemdateien (HKLM-x32\...\{22674A89-CE4D-428D-BA79-4446933FBAF0}) (Version: 1.2.2010.0 - RA-MICRO Software GmbH)
RA-MICRO Terminverwaltung Outlook Addin (HKLM-x32\...\{64D87DBC-33D7-4FB3-A222-419FF51BDF10}) (Version: 7.200.0013 - RA-MICRO Software GmbH)
RA-MICRO.net (HKLM-x32\...\{3A0C8351-3F02-48E1-BFD6-D21078261203}) (Version: 9.0.0308 - RA-MICRO Software GmbH)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Schmerzensgeld CD 3.0 (HKLM-x32\...\Schmerzensgeld CD 3.0) (Version:  - )
SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShadowProtect Desktop (HKLM-x32\...\{8850DEC8-22FD-4F05-A3AA-49B91200C24F}) (Version: 4.15.10129 - StorageCraft)
ShadowProtect Desktop (x32 Version: 4.15.10129 - StorageCraft) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 7.0  (HKLM-x32\...\{EE5B7DA5-4CEA-43FE-8B61-31CDAFE9262A}) (Version: 7.0 - Star Finanz GmbH)
StarMoney 8.0  (HKLM-x32\...\{FFB2EC54-FE7D-4C74-82C2-4F3ED9142A4D}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{33A9B7E8-86E9-489C-8931-324DE4228F7F}) (Version: 9.0 - Star Finanz GmbH)
TextControl 14.0 SP4 (HKLM-x32\...\{01201D0C-0AD2-471D-8CB6-E1574A5A0D8D}) (Version: 2.00.0000 - RA-MICRO Software GmbH)
TightVNC 1.3.10 (HKLM-x32\...\TightVNC_is1) (Version: 1.3.10 - TightVNC Group)
TreeMail (HKLM-x32\...\{4114624E-CE9E-448F-9AFE-16FCA726BCF2}) (Version: 3.22.0000 - RA-MICRO Software GmbH)
Trend Micro OfficeScan Client (HKLM-x32\...\{ECEA7878-2100-4525-915D-B09174E36971}) (Version: 10.5 - Trend Micro)
Unity Web Player (HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Verbatim Hard Drive Formatter (HKLM-x32\...\Verbatim Hard Drive Formatter_is1) (Version:  - Verbatim)
Verlag C.H. Beck Münchener Vertragshandbuch Edition 7 B 7.0 (HKLM-x32\...\VERLAG C_H_ BECK M_NCHENER VERTRAGSHANDBUCH EDITION 7 B 7_0) (Version: 7.0 - Verlag C.H. Beck)
Verlag C.H. Beck Münchener Vertragshandbuch Edition 7 C 7.0 (HKLM-x32\...\VERLAG C_H_ BECK M_NCHENER VERTRAGSHANDBUCH EDITION 7 C 7_0) (Version: 7.0 - Verlag C.H. Beck)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
Windows-Treiberpaket - Sunplus (SPCP825K) Ports  (07/01/2010 1.0.9.0) (HKLM\...\20986CDBFBCA238AA12329A115B1CC9D88E9C06C) (Version: 07/01/2010 1.0.9.0 - Sunplus)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-04-2015 15:02:06 Geplanter Prüfpunkt
06-05-2015 12:42:03 Geplanter Prüfpunkt
20-05-2015 15:42:56 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E2691F-EF8B-4561-AA7E-1F98B4EF6C1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2974517230-1633706893-2555009689-1171Core => C:\Users\ts\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {5B572D51-4BC7-4A05-A8F9-15B21B311BC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {856D1CC3-10E2-4728-A536-EEA465E09304} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A79FDBA8-2122-459C-9C69-7A8CDA52E047} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {CD745933-B376-4F05-8553-2FE7FE34750D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CF192ECA-F28E-45DE-A01D-2DA92D51C0C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D953C596-6C23-4A2F-A503-FC4C0CFDB9D8} - System32\Tasks\{A854E862-0662-4A0E-B144-B4E4F4B81C06} => pcalua.exe -a "C:\Program Files (x86)\a-jur-Kanzleisoftware\gaplaunch.exe" -d "C:\Program Files (x86)\a-jur-Kanzleisoftware"
Task: {E29C8BB5-7ADC-47BC-BF16-C9697E3D64D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2974517230-1633706893-2555009689-1171UA => C:\Users\ts\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974517230-1633706893-2555009689-1171Core.job => C:\Users\ts\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974517230-1633706893-2555009689-1171UA.job => C:\Users\ts\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-03-26 22:36 - 2009-03-26 22:36 - 01489408 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\LIBEAY32.dll
2009-03-26 22:37 - 2009-03-26 22:37 - 00318464 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\SSLEAY32.dll
2007-05-16 11:42 - 2007-05-16 11:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2011-10-26 14:49 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-11 11:23 - 2009-10-06 15:36 - 00205312 _____ () C:\Program Files (x86)\StarMoney 7.0\ouservice\PATCHW32.dll
2013-02-15 11:03 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0\ouservice\PATCHW32.dll
2014-08-05 15:03 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-10-20 16:08 - 2010-10-20 16:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-05-18 10:35 - 2015-05-18 10:35 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:9453D700

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.96.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{7DD1E163-28D5-449F-BFFE-1EE06EA53094}C:\program files (x86)\tightvnc\winvnc.exe] => (Allow) C:\program files (x86)\tightvnc\winvnc.exe
FirewallRules: [UDP Query User{2CE4204C-1F8E-45BD-8ABD-FE0B8ECBB8BD}C:\program files (x86)\tightvnc\winvnc.exe] => (Allow) C:\program files (x86)\tightvnc\winvnc.exe

==================== Faulty Device Manager Devices =============

Name: ASUS Xonar DG Audio Device
Description: ASUS Xonar DG Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK
Service: cmudaxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 09:12:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 08:47:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1538
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (05/26/2015 08:46:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1190
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (05/26/2015 08:41:11 AM) (Source: WinVNC4) (EventID: 1) (User: )
Description: SocketManager: unknown listener event: 0

Error: (05/22/2015 05:54:33 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (05/22/2015 00:39:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1038
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (05/22/2015 00:38:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xe84
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (05/22/2015 00:32:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/22/2015 00:32:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/22/2015 00:22:31 PM) (Source: Microsoft-Windows-Folder Redirection) (EventID: 502) (User: NTDRAE)
Description: Fehler bei der Richtlinienanwendung und beim Umleiten des Ordners "Pictures" nach "\\storage\Home\ts".
 Umleitungsoptionen=0x9211.
 Der folgende Fehler ist aufgetreten: "Fehler bei der Umleitung, da das Zielverzeichnis "\\storage\Home\ts" offline ist.".
 Fehlerdetails: "Der Netzwerkpfad wurde nicht gefunden.
".


System errors:
=============
Error: (05/26/2015 08:47:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (05/26/2015 08:43:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NTDRAE)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (05/26/2015 08:41:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ntiomin

Error: (05/26/2015 08:41:01 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT-AUTORITÄT)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben:
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller.
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).

Error: (05/26/2015 08:41:00 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne NTDRAE aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (05/22/2015 00:39:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (05/22/2015 00:28:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/22/2015 00:28:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/22/2015 00:28:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dragon Logger service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/22/2015 00:28:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "OfficeScan NT Listener" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (07/12/2011 08:43:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 462 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (02/23/2011 04:04:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 69 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 07:12:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 00:07:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2011 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 11:25:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2931 seconds with 1920 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 05:05:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 05:03:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 384 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 04:55:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1235 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (02/17/2011 01:33:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 241 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/17/2011 01:28:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 4095.18 MB
Available physical RAM: 2304.8 MB
Total Pagefile: 8188.57 MB
Available Pagefile: 6245.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.66 GB) (Free:281.1 GB) NTFS
Drive r: (Daten) (Network) (Total:465.73 GB) (Free:322.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 37E0A7F6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================

cosinus 26.05.2015 09:33
Hi,

Zitat:
Trend Micro
MBAM
JRST
Adware Cleaner
ESET
Bitte alle Logs dazu nachreichen...

HtHNightwolf 26.05.2015 10:15
OfficeScan: Log momentan nicht exportierbar.
ESET: LOg gelöscht, ich scanne gerade neu und reiche es ein, sobald es fertig ist.

MBAM am Tag 1 (Erster Scan nach Befall, 18.05.2015):

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.05.2015
Suchlauf-Zeit: 09:27:21
Logdatei: maleware18.05.15.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.17.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ts

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 623445
Verstrichene Zeit: 59 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 51
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.FaceMoods.A, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0D7562AE-8EF6-416d-A838-AB665251703A}, In Quarantäne, [6255e5af49418bab9407f8606b98c53b],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kpionmjnkbpcdpcflammlgllecmejgjj, In Quarantäne, [288f544092f866d087a09459897a7b85],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{82443621-A29A-473E-8335-F5C958A7A4CA}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{82443621-A29A-473E-8335-F5C958A7A4CA}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{82443621-A29A-473E-8335-F5C958A7A4CA}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\IEhelperActiveX.IEhelperLabel.1, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\IEhelperActiveX.IEhelperLabel, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IEhelperActiveX.IEhelperLabel, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IEhelperActiveX.IEhelperLabel, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IEhelperActiveX.IEhelperLabel.1, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IEhelperActiveX.IEhelperLabel.1, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A1B48071-416D-474E-A13B-BE5456E7FC31}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A1B48071-416D-474E-A13B-BE5456E7FC31}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\MyNewsBar.IE5Bar.1, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\MyNewsBar.IE5Bar, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBar.IE5Bar, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MyNewsBar.IE5Bar, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBar.IE5Bar.1, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MyNewsBar.IE5Bar.1, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C876A2AD-D4BA-11D3-9D38-D0D087C500CC}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C876A2AD-D4BA-11D3-9D38-D0D087C500CC}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C876A2AD-D4BA-11D3-9D38-D0D087C500CC}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\vShare.tv plugin, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],

Registrierungswerte: 4
Trojan.FakeAV, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|standard-contact, C:\Users\ts2\AppData\Local\Standard-juice\standard-age.exe, In Quarantäne, [6e49b2e27e0c9c9ad27a0f4852b043bd]
Trojan.FakeAV, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|standard-contact, C:\Users\ts2\AppData\Local\Standard-juice\standard-age.exe, In Quarantäne, [6e49b2e27e0c9c9ad27a0f4852b043bd]
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, VShareTB, In Quarantäne, [f4c32272b0daed49681f00528380669a]
PUP.Optional.VShareRedir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [8037593b5d2dec4acaa17def42c116ea],

Registrierungsdaten: 1
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://start.facemoods.com/?a=cpx&s={searchTerms}&f=4, Gut: (www.google.com), Schlecht: (hxxp://start.facemoods.com/?a=cpx&s={searchTerms}&f=4),Ersetzt,[a017afe5800a0c2a91526db2ae586997]

Ordner: 3
PUP.Optional.vShare.A, C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj, In Quarantäne, [6a4dc6cee0aaf244507ae1e515ee45bb],
PUP.Optional.vShare.A, C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0, In Quarantäne, [6a4dc6cee0aaf244507ae1e515ee45bb],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],

Dateien: 13
Trojan.FakeAV, C:\Users\ts2\AppData\Local\Standard-juice\standard-age.exe, Löschen bei Neustart, [6e49b2e27e0c9c9ad27a0f4852b043bd],
PUP.Optional.BarLchr.A, C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll, In Quarantäne, [f4c32272b0daed49681f00528380669a],
PUP.Optional.StartSear.A, C:\Users\ts2\AppData\Roaming\Mozilla\Firefox\Profiles\ksumi1tn.default\searchplugins\startsear.xml, In Quarantäne, [5c5bfb990e7c11251bfa02f735ce32ce],
PUP.Optional.FaceMoods.A, C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage, In Quarantäne, [3a7d197b2862c274818aff19ad57bc44],
PUP.Optional.vShare.A, C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll, In Quarantäne, [6a4dc6cee0aaf244507ae1e515ee45bb],
PUP.Optional.vShare.A, C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\manifest.json, In Quarantäne, [6a4dc6cee0aaf244507ae1e515ee45bb],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin\uninst.exe, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx, In Quarantäne, [3f78563eafdb6dc90bda9a2c7093dd23],
PUP.Optional.FaceMoods.A, C:\Users\ts2\AppData\Roaming\Mozilla\Firefox\Profiles\ksumi1tn.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.aflt", "_#cpx");), Ersetzt,[e5d21084f2980432213f75ebef17fa06]
PUP.Optional.FaceMoods.A, C:\Users\ts2\AppData\Roaming\Mozilla\Firefox\Profiles\ksumi1tn.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If yo), Ersetzt,[922540547d0dc076f070fe623dc95ba5]
PUP.Optional.FaceMoods.A, C:\Users\ts2\AppData\Roaming\Mozilla\Firefox\Profiles\ksumi1tn.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you), Ersetzt,[b3043262ff8bcb6b4a161b45d630b050]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

MBAM am Freitag (22.05.2015):
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.05.2015
Suchlauf-Zeit: 09:00:25
Logdatei: maleware22.05.15.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.21.04
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ts

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 624721
Verstrichene Zeit: 1 Std, 12 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 4
Trojan.Dropper.FAVGen, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bench-pain, C:\Users\ts2\AppData\Local\Bench-closet\bench-introduce.exe, In Quarantäne, [67e1d1c5d3b7fb3b193181dd0af8718f]
Trojan.Dropper.FAVGen, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|bench-pain, C:\Users\ts2\AppData\Local\Bench-closet\bench-introduce.exe, In Quarantäne, [67e1d1c5d3b7fb3b193181dd0af8718f]
Trojan.Dropper.FAVGen, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|standard-contact, C:\Users\ts2\AppData\Roaming\Standard-fly\standardauthor.exe, In Quarantäne, [33159bfb701a1224e7a0f46a738fa060]
Trojan.Dropper.FAVGen, HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|standard-contact, C:\Users\ts2\AppData\Roaming\Standard-fly\standardauthor.exe, In Quarantäne, [33159bfb701a1224e7a0f46a738fa060]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 2
Trojan.Dropper.FAVGen, C:\Users\ts2\AppData\Local\Bench-closet\bench-introduce.exe, In Quarantäne, [67e1d1c5d3b7fb3b193181dd0af8718f],
Trojan.Dropper.FAVGen, C:\Users\ts2\AppData\Roaming\Standard-fly\standardauthor.exe, In Quarantäne, [33159bfb701a1224e7a0f46a738fa060],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
MBAM heute ist sauber, das Log erspare ich uns.


Rkill findet täglich:

Code:
Rkill 2.7.0 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/26/2015 08:53:29 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\HsMgr.exe (PID: 3052) [WD-HEUR]
 * C:\Windows\system\HsMgr64.exe (PID: 384) [WD-HEUR]
 * C:\Windows\SysWOW64\32ELOZIP.EXE (PID: 4664) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows-Firewall (MpsSvc) is not Running.
  Startup Type set to: Disabled

 * Windows-Firewallautorisierungstreiber (mpsdrv) is not Running.
  Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 05/26/2015 08:58:45 AM
Execution time: 0 hours(s), 5 minute(s), and 16 seconds(s)

cosinus 26.05.2015 20:58
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

HtHNightwolf 27.05.2015 10:32
Das wäre dann Combofix:

Code:
ComboFix 15-05-25.01 - ts 27.05.2015  10:08:04.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4095.2526 [GMT 2:00]
ausgeführt von:: c:\users\ts2\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\QuickTime\QTTask.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\UNWISE32.EXE
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-04-27 bis 2015-05-27  ))))))))))))))))))))))))))))))
.
.
2015-05-27 08:17 . 2015-05-27 08:17        --------        d-----w-        c:\users\ts.old\AppData\Local\temp
2015-05-27 08:17 . 2015-05-27 08:17        --------        d-----w-        c:\users\test\AppData\Local\temp
2015-05-27 08:17 . 2015-05-27 08:17        --------        d-----w-        c:\users\TEMP\AppData\Local\temp
2015-05-27 08:17 . 2015-05-27 08:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-05-27 08:17 . 2015-05-27 08:17        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2015-05-26 16:17 . 2015-05-27 07:20        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-26 09:10 . 2015-05-26 09:11        --------        d-----w-        C:\AdwCleaner
2015-05-22 13:52 . 2015-05-26 07:24        --------        d-----w-        C:\FRST
2015-05-22 10:32 . 2015-05-22 10:32        --------        d-----w-        c:\program files (x86)\ESET
2015-05-22 08:39 . 2015-05-22 08:39        --------        d-----w-        c:\users\ts2\AppData\Roaming\VSRevoGroup
2015-05-22 08:06 . 2015-05-22 08:06        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-05-22 07:26 . 2015-05-26 16:07        --------        d--h--w-        c:\users\ts2\AppData\Local\Year-investigate
2015-05-20 13:48 . 2015-05-01 13:17        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 13:47 . 2015-05-01 13:16        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 13:45 . 2015-05-18 02:57        12214312        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{980DEC50-221B-4E87-81AA-A1EE23DDFDB6}\mpengine.dll
2015-05-20 13:40 . 2015-03-25 03:24        98304        ----a-w-        c:\windows\system32\wudriver.dll
2015-05-20 13:39 . 2015-05-05 01:29        342016        ----a-w-        c:\windows\system32\schannel.dll
2015-05-20 13:38 . 2015-04-20 03:17        1647104        ----a-w-        c:\windows\system32\DWrite.dll
2015-05-20 13:37 . 2015-01-29 03:19        2543104        ----a-w-        c:\windows\system32\wpdshext.dll
2015-05-20 13:37 . 2015-01-29 03:19        1195008        ----a-w-        c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-20 13:37 . 2015-01-29 03:02        2311168        ----a-w-        c:\windows\SysWow64\wpdshext.dll
2015-05-20 13:37 . 2015-02-25 03:18        754688        ----a-w-        c:\windows\system32\drivers\http.sys
2015-05-20 13:37 . 2015-04-11 03:19        69888        ----a-w-        c:\windows\system32\drivers\stream.sys
2015-05-20 13:37 . 2015-03-05 05:12        404480        ----a-w-        c:\windows\system32\gdi32.dll
2015-05-20 13:37 . 2015-03-05 04:05        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2015-05-20 13:37 . 2015-04-13 03:28        328704        ----a-w-        c:\windows\system32\services.exe
2015-05-20 13:27 . 2015-03-04 04:41        72192        ----a-w-        c:\windows\system32\aelupsvc.dll
2015-05-20 13:27 . 2015-03-04 04:41        342016        ----a-w-        c:\windows\system32\apphelp.dll
2015-05-20 13:27 . 2015-03-04 04:41        23552        ----a-w-        c:\windows\system32\sdbinst.exe
2015-05-20 13:27 . 2015-03-04 04:10        295936        ----a-w-        c:\windows\SysWow64\apphelp.dll
2015-05-20 13:27 . 2015-03-04 04:41        6656        ----a-w-        c:\windows\system32\shimeng.dll
2015-05-20 13:27 . 2015-03-04 04:11        5120        ----a-w-        c:\windows\SysWow64\shimeng.dll
2015-05-20 13:27 . 2015-03-04 04:10        20992        ----a-w-        c:\windows\SysWow64\sdbinst.exe
2015-05-20 13:24 . 2015-03-04 04:55        367552        ----a-w-        c:\windows\system32\clfs.sys
2015-05-20 13:24 . 2015-03-04 04:41        79360        ----a-w-        c:\windows\system32\clfsw32.dll
2015-05-20 13:24 . 2015-03-04 04:10        58880        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-05-20 11:14 . 2015-05-20 11:14        --------        d-----w-        C:\RegBackup
2015-05-20 07:00 . 2015-05-26 16:07        --------        d--h--w-        c:\users\ts2\AppData\Roaming\Year-earn
2015-05-20 07:00 . 2015-05-22 08:13        --------        d--h--w-        c:\users\ts2\AppData\Roaming\Standard-fly
2015-05-19 12:20 . 2015-05-26 16:07        --------        d--h--w-        c:\users\ts2\AppData\Roaming\Potatoestimate
2015-05-19 06:51 . 2015-05-20 06:40        --------        d--h--w-        c:\users\ts2\AppData\Local\Year-league
2015-05-18 07:26 . 2015-05-27 06:56        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-18 07:26 . 2015-05-27 06:55        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-05-18 07:26 . 2015-04-14 07:37        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-05-18 07:26 . 2015-04-14 07:37        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-05-18 07:26 . 2015-05-18 07:26        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-18 07:26 . 2015-05-18 07:26        --------        d-----w-        c:\programdata\Malwarebytes
2015-05-18 07:02 . 2015-05-22 08:13        --------        d--h--w-        c:\users\ts2\AppData\Local\Bench-closet
2015-05-15 06:26 . 2015-05-18 06:31        --------        d--h--w-        c:\users\ts2\AppData\Local\Potato-remind
2015-05-13 06:52 . 2015-05-26 16:07        --------        d--h--w-        c:\users\ts2\AppData\Local\Fatrelate
2015-05-13 06:22 . 2015-05-15 06:14        --------        d--h--w-        c:\users\ts2\AppData\Local\Yearnose
2015-05-08 06:49 . 2015-05-18 08:29        --------        d--h--w-        c:\users\ts2\AppData\Local\Standard-juice
2015-05-07 07:06 . 2015-05-22 06:44        --------        d--h--w-        c:\users\ts2\AppData\Local\Thanks_cancel
2015-05-05 07:48 . 2015-05-13 06:16        --------        d--h--w-        c:\users\ts2\AppData\Roaming\Fatexist
2015-05-04 06:46 . 2015-05-05 06:53        --------        d--h--w-        c:\users\ts2\AppData\Local\Fataccount
2015-05-01 18:10 . 2015-05-01 18:10        229608        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-26 08:06 . 2014-06-20 14:11        240176        ----a-w-        c:\windows\RegBootClean64.exe
2015-05-18 08:35 . 2012-04-05 06:19        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-18 08:35 . 2011-09-29 11:42        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-30 08:07 . 2011-02-01 16:39        140425016        ----a-w-        c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-20 13:39        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-04-15 08:48 . 2015-04-15 08:48        18178736        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-04-14 01:38 . 2015-04-14 01:38        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-03-04 04:41 . 2015-05-20 13:27        309248        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-20 13:27        103424        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-05-20 13:27        470528        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-20 13:27        2178560        ----a-w-        c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-20 13:27        2560        ----a-w-        c:\windows\apppatch\AcRes.dll
2004-03-01 19:58 . 2012-09-26 08:59        561424        ----a-w-        c:\program files (x86)\Common Files\dao360.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DWQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\dwtrig20.exe" [2007-02-23 1064872]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-12 2068856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-08-12 1362624]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-12 2068856]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" [2014-05-30 325960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"="c:\program files (x86)\InstallShield Installation Information\VERLAG C_H_ BECK M_NCHENER VERTRAGSHANDBUCH EDITION 7 C 7_0\setup.exe" [2005-11-14 121064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 ntiomin;ntiomin; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ShadowProtectSvc;ShadowProtect Service;c:\program files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe;c:\program files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [x]
R4 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\SysWOW64\vsnapvss.exe;c:\windows\SysWOW64\vsnapvss.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 stcvsm;StorageCraft Volume Snapshot Driver;c:\windows\system32\DRIVERS\stcvsm.sys;c:\windows\SYSNATIVE\DRIVERS\stcvsm.sys [x]
S1 sbmount;StorageCraft Image Mount Driver; [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DragonLoggerService;Dragon Logger service;c:\program files (x86)\Common Files\Nuance\loggerservice.exe;c:\program files (x86)\Common Files\Nuance\loggerservice.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 06:56        986440        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:35]
.
2015-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 06:56]
.
2015-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 06:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-12-08 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.96.1
FF - ProfilePath - c:\users\ts2\AppData\Roaming\Mozilla\Firefox\Profiles\4y90kgis.default-1432305455912\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
AddRemove-Becksches Formularbuch Bürgerliches, Handels- und Wirtschaftsrecht - c:\windows\system32\isuninst -cc:\windows\system32\bcuninst.dll
AddRemove-RA-MICRO Programmdateien - c:\windows\System32\UNWISE32.EXE
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2516187649-2465164387-518761543-1193\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Olympus\DeviceDetector\DM1Service.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TightVNC\WinVNC.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\programdata\FLEXnet\Connect\11\agent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-27  10:28:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-27 08:28
.
Vor Suchlauf: 27 Verzeichnis(se), 304.101.867.520 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 304.923.099.136 Bytes frei
.
- - End Of File - - C579DC5007BA115EE7AF292F46CC2827
A36C5E4F47E84449FF07ED3517B43A31
Und das ESET von gestern noch nachträglich:

Code:
C:\Users\ts2\AppData\Local\Fatrelate\fat_write.exe        Win32/Trustezeb.K Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\ts2\AppData\Local\Temp\Money-concert\moneydiscover.exe        Win32/Trustezeb.K Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\ts2\AppData\Local\Temp\Money-mate\money-school.exe        Win32/Trustezeb.K Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\ts2\AppData\Local\Year-investigate\year_list.exe        Win32/Trustezeb.K Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\ts2\AppData\Roaming\Potatoestimate\potato-represent.exe        Win32/Trustezeb.K Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\ts2\AppData\Roaming\Year-earn\year-discipline.exe        Variante von Win32/Kryptik.DJCM Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

cosinus 27.05.2015 11:37
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


HtHNightwolf 28.05.2015 11:42
Code:
# AdwCleaner v4.204 - Bericht erstellt 28/05/2015 um 12:19:49
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : ts - WS15
# Gestarted von : C:\Users\ts2\Downloads\adwcleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [2462 Bytes] - [20/05/2015 11:52:16]
AdwCleaner[R1].txt - [940 Bytes] - [20/05/2015 13:06:19]
AdwCleaner[R2].txt - [1056 Bytes] - [20/05/2015 14:29:47]
AdwCleaner[R3].txt - [1116 Bytes] - [22/05/2015 10:33:18]
AdwCleaner[R4].txt - [1175 Bytes] - [22/05/2015 16:01:11]
AdwCleaner[R6].txt - [1233 Bytes] - [28/05/2015 12:18:31]
AdwCleaner[S0].txt - [2307 Bytes] - [20/05/2015 11:54:53]
AdwCleaner[S1].txt - [998 Bytes] - [20/05/2015 13:08:04]
AdwCleaner[S2].txt - [1154 Bytes] - [28/05/2015 12:19:49]

########## EOF - U:\AdwCleaner\AdwCleaner[S2].txt - [1213  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.1 (05.27.2015:1)
OS: Windows 7 Professional x64
Ran by ts on 28.05.2015 at 12:23:35,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\ts2\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\ts2\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\ts2\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\ts2\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2015 at 12:27:37,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by ts (administrator) on WS15 on 28-05-2015 12:31:11
Running from C:\Users\ts2\Desktop\LOGs
Loaded Profiles: ts (Available Profiles: Test & ts_old & ts & Administrator & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [OfficeScanNT Monitor] =>  -HideWindow
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1362624 2010-08-12] (Trend Micro Inc.)
HKLM-x32\...\RunOnce: [InstallShieldSetup] => C:\Program Files (x86)\InstallShield Installation Information\VERLAG C_H_ BECK M_NCHENER VERTRAGSHANDBUCH EDITION 7 C 7_0\setup.exe [121064 2005-11-14] (Macrovision Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\508\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20.exe [1064872 2007-02-23] (Microsoft Corporation)
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Control Panel\Desktop\\SCRNSAVE.EXE ->
CHR HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-23] (Nuance Communications, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-23] (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.96.1

FireFox:
========
FF ProfilePath: C:\Users\ts2\AppData\Roaming\Mozilla\Firefox\Profiles\4y90kgis.default-1432305455912
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-23] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-23] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-2516187649-2465164387-518761543-1193: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ts2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-29] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-02] (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-05-18]

Chrome:
=======
CHR Profile: C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\ts2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2013-03-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [73728 2007-06-11] (OLYMPUS IMAGING CORP.) []
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) []
S2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [2024896 2010-08-04] (Trend Micro Inc.)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [176128 2010-02-26] (OLYMPUS IMAGING CORP.) []
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) []
S4 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [3644200 2011-06-24] (StorageCraft Technology Corporation)
S2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [2354224 2010-08-04] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917768 2010-04-24] (Trend Micro Inc.)
S4 VSNAPVSS; C:\Windows\SysWOW64\vsnapvss.exe [72488 2011-06-24] (StorageCraft Technology Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 winvnc; C:\Program Files (x86)\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group) []
S2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1261056 2010-07-23] (C-Media Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S1 ntiomin; No ImagePath
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2011-06-24] (StorageCraft Technology Corporation)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [276264 2011-06-24] (StorageCraft Technology Corporation)
S2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108048 2010-04-24] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 12:27 - 2015-05-28 12:27 - 00001043 _____ () C:\Users\ts2\Desktop\JRT.txt
2015-05-28 12:22 - 2015-05-28 12:22 - 00001293 _____ () C:\Users\ts2\Desktop\AdwCleaner[S2].txt
2015-05-27 10:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-27 10:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-27 10:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-27 10:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-27 10:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-27 10:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-27 10:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-27 10:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-27 09:44 - 2015-05-27 10:28 - 00000000 ____D () C:\Qoobox
2015-05-27 09:44 - 2015-05-27 10:25 - 00000000 ____D () C:\Windows\erdnt
2015-05-27 09:34 - 2015-05-27 09:34 - 05628291 ____R (Swearware) C:\Users\ts2\Desktop\ComboFix.exe
2015-05-26 18:17 - 2015-05-27 09:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-26 18:16 - 2015-05-27 09:20 - 00000000 ____D () C:\Users\ts2\Desktop\mbar
2015-05-26 17:00 - 2015-05-26 17:00 - 16502728 _____ (Malwarebytes Corp.) C:\Users\ts2\Downloads\mbar-1.09.1.1004.exe
2015-05-26 11:10 - 2015-05-26 11:11 - 00000000 ____D () C:\AdwCleaner
2015-05-26 09:18 - 2015-05-26 09:18 - 00000000 ____D () C:\Users\ts2\Downloads\FRST-OlderVersion
2015-05-22 15:54 - 2015-05-26 09:20 - 00038426 _____ () C:\Users\ts2\Downloads\Addition.txt
2015-05-22 15:52 - 2015-05-28 12:31 - 00000000 ____D () C:\FRST
2015-05-22 12:32 - 2015-05-22 12:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-22 10:39 - 2015-05-22 10:39 - 00000000 ____D () C:\Users\ts2\AppData\Roaming\VSRevoGroup
2015-05-22 10:22 - 2015-05-22 10:22 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\ts2\Downloads\WinIOgOn64-27427.exe
2015-05-22 10:06 - 2015-05-22 10:06 - 00001270 _____ () C:\Users\ts2\Desktop\Revo Uninstaller.lnk
2015-05-22 10:06 - 2015-05-22 10:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-22 09:42 - 2015-05-22 09:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ts2\Downloads\revosetup.exe
2015-05-22 09:26 - 2015-05-26 18:07 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Year-investigate
2015-05-22 09:25 - 2015-05-22 09:26 - 02209792 _____ () C:\Users\ts2\Downloads\adwcleaner_4.205.exe
2015-05-22 08:46 - 2015-05-22 08:46 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\ts2\Downloads\WinIOgOn64.exe
2015-05-20 15:48 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 15:47 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 15:41 - 2015-04-10 18:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-20 15:41 - 2015-04-10 18:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-20 15:41 - 2015-04-10 18:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-20 15:41 - 2015-04-10 18:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-20 15:41 - 2015-04-10 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-20 15:41 - 2015-04-10 18:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-20 15:41 - 2015-04-10 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-20 15:41 - 2015-04-10 18:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-20 15:41 - 2015-04-10 18:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-20 15:41 - 2015-04-10 18:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-20 15:41 - 2015-04-10 18:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-20 15:41 - 2015-04-10 18:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-20 15:41 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-20 15:41 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-20 15:41 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-20 15:41 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-20 15:41 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-20 15:41 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-20 15:41 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-20 15:41 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-20 15:41 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-20 15:41 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-20 15:41 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-20 15:41 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-20 15:40 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-20 15:40 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-20 15:40 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-20 15:40 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-20 15:40 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-20 15:40 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-20 15:40 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-20 15:40 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-20 15:40 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-20 15:40 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-20 15:40 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-20 15:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-20 15:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-20 15:39 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-20 15:39 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-20 15:39 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-20 15:39 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-20 15:39 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-20 15:39 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-20 15:39 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-20 15:39 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-20 15:39 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-20 15:39 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-20 15:39 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-20 15:39 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-20 15:39 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-20 15:39 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-20 15:39 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-20 15:39 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-20 15:39 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-20 15:39 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-20 15:39 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-20 15:39 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-20 15:39 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-20 15:39 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-20 15:39 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-20 15:39 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-20 15:39 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-20 15:39 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-20 15:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-20 15:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-20 15:38 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-20 15:38 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-20 15:38 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-20 15:38 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-20 15:38 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-20 15:38 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-20 15:38 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-20 15:38 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-20 15:38 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-20 15:38 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-20 15:38 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-20 15:38 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-20 15:38 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-20 15:38 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-20 15:38 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-20 15:38 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-20 15:38 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-20 15:37 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-20 15:37 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-20 15:37 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-20 15:37 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-20 15:37 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-20 15:37 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-20 15:37 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-20 15:27 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-20 15:27 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-20 15:27 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-20 15:27 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-20 15:27 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-20 15:27 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-20 15:27 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-20 15:24 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-20 15:24 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-20 15:24 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-20 13:15 - 2015-05-20 13:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WS15-Windows-7-Professional-(64-bit).dat
2015-05-20 13:14 - 2015-05-20 13:14 - 00000000 ____D () C:\RegBackup
2015-05-20 12:09 - 2015-05-20 12:09 - 02953520 _____ (AVAST Software) C:\Users\ts2\Downloads\avast-browser-cleanup_9.0.0.224.exe
2015-05-20 12:09 - 2015-05-20 12:09 - 02720307 _____ (Thisisu) C:\Users\ts2\Downloads\JRT_6.7.0.exe
2015-05-20 09:41 - 2015-05-20 09:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\ts2\Downloads\WinIOgOn.exe
2015-05-20 09:00 - 2015-05-26 18:07 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Year-earn
2015-05-20 09:00 - 2015-05-22 10:13 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Standard-fly
2015-05-20 08:38 - 2015-05-20 08:38 - 00000015 _____ () C:\Windows\ዞ
2015-05-19 14:20 - 2015-05-26 18:07 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Potatoestimate
2015-05-19 08:51 - 2015-05-20 08:40 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Year-league
2015-05-19 08:50 - 2015-05-19 08:50 - 00000015 _____ () C:\Windows\犗
2015-05-19 08:50 - 2015-05-19 08:50 - 00000015 _____ () C:\Windows\瀠
2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 09:26 - 2015-05-27 08:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 09:26 - 2015-05-27 08:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 09:26 - 2015-05-18 09:26 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 09:26 - 2015-05-18 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 09:26 - 2015-05-18 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 09:26 - 2015-05-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 09:26 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 09:26 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 09:22 - 2015-05-18 09:22 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ts2\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-18 09:02 - 2015-05-22 10:13 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Bench-closet
2015-05-18 08:31 - 2015-05-18 08:32 - 00000044 _____ () C:\Windows\뱵띦暼疷WINDOWS
2015-05-15 14:02 - 2015-05-15 14:03 - 00000044 _____ () C:\Windows\뱶暼盬WINDOWS
2015-05-15 10:18 - 2015-05-15 13:46 - 00000000 ____D () C:\Users\ts2\Desktop\Diktate
2015-05-15 08:26 - 2015-05-18 08:31 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Potato-remind
2015-05-15 08:14 - 2015-05-15 08:15 - 00000044 _____ () C:\Windows\뱶䭦暼癋WINDOWS
2015-05-13 14:00 - 2015-05-13 14:00 - 02347384 _____ (ESET) C:\Users\ts2\Downloads\esetsmartinstaller_deu.exe
2015-05-13 13:23 - 2015-05-13 13:24 - 00000044 _____ () C:\Windows\뱴暼瓠WINDOWS
2015-05-13 10:11 - 2015-05-13 10:12 - 00000044 _____ () C:\Windows\뱵葦暼疄WINDOWS
2015-05-13 10:06 - 2015-05-13 10:07 - 00000044 _____ () C:\Windows\뱶⁦暼瘠WINDOWS
2015-05-13 08:52 - 2015-05-26 18:07 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Fatrelate
2015-05-13 08:22 - 2015-05-15 08:14 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Yearnose
2015-05-13 08:16 - 2015-05-13 08:17 - 00000044 _____ () C:\Windows\뱵०暼甉WINDOWS
2015-05-11 09:24 - 2015-05-11 09:25 - 00000044 _____ () C:\Windows\뱵쥦暼痉WINDOWS
2015-05-11 08:19 - 2015-05-11 08:21 - 00000044 _____ () C:\Windows\뱶䵦暼癍WINDOWS
2015-05-08 08:49 - 2015-05-18 10:29 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Standard-juice
2015-05-08 08:48 - 2015-05-08 08:49 - 00000044 _____ () C:\Windows\뱶屦暼癜WINDOWS
2015-05-07 09:06 - 2015-05-22 08:44 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Thanks_cancel
2015-05-06 15:32 - 2015-05-06 15:32 - 00000000 ____D () C:\Users\ts2\Desktop\Bilder
2015-05-05 13:19 - 2015-05-05 13:19 - 00000026 _____ () C:\Windows\upathÄÿÿÿM
2015-05-05 09:48 - 2015-05-13 08:16 - 00000000 ___HD () C:\Users\ts2\AppData\Roaming\Fatexist
2015-05-04 08:46 - 2015-05-05 08:53 - 00000000 ___HD () C:\Users\ts2\AppData\Local\Fataccount

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 12:28 - 2013-08-06 17:18 - 00000000 ____D () C:\Rumpelsti
2015-05-28 12:26 - 2011-02-01 17:40 - 01855392 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 12:24 - 2011-08-23 10:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 12:24 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 12:24 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 12:21 - 2011-02-02 18:55 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-05-28 12:21 - 2011-02-01 18:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-28 12:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 12:21 - 2009-07-14 06:51 - 00116010 _____ () C:\Windows\setupact.log
2015-05-28 12:14 - 2011-02-04 18:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-28 11:48 - 2012-04-05 08:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 09:30 - 2011-05-04 10:34 - 00004155 _____ () C:\Users\ts2\AppData\Roaming\SAS7_000.DAT
2015-05-28 09:30 - 2011-02-02 12:10 - 00000764 _____ () C:\Windows\DictaNet.ini
2015-05-28 09:09 - 2011-02-02 12:32 - 00008822 _____ () C:\Windows\cfgall.ini
2015-05-28 08:43 - 2013-10-31 15:51 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-27 15:57 - 2011-09-06 16:09 - 00003782 _____ () C:\Windows\TMFilter.log
2015-05-27 13:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-27 10:28 - 2011-09-02 15:13 - 00000000 ____D () C:\Users\ts
2015-05-27 10:28 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-27 10:20 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-27 10:18 - 2011-02-01 18:12 - 00368804 _____ () C:\Windows\PFRO.log
2015-05-27 10:16 - 2015-02-02 12:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-05-26 17:29 - 2011-09-02 11:50 - 00000000 ____D () C:\iTunes
2015-05-26 10:06 - 2014-06-20 16:11 - 00240176 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-05-22 10:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-20 16:30 - 2009-07-14 19:58 - 00811018 _____ () C:\Windows\system32\perfh007.dat
2015-05-20 16:30 - 2009-07-14 19:58 - 00189980 _____ () C:\Windows\system32\perfc007.dat
2015-05-20 16:30 - 2009-07-14 07:13 - 01908646 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 16:22 - 2012-05-09 15:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-20 16:22 - 2012-05-09 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-20 16:22 - 2009-07-14 06:45 - 00454136 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-20 16:19 - 2015-01-13 17:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-20 16:19 - 2014-05-09 15:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-20 16:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-20 16:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-20 16:17 - 2011-02-02 11:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-20 16:17 - 2009-07-14 04:34 - 00002194 _____ () C:\Windows\win.ini
2015-05-20 16:11 - 2011-02-04 16:56 - 01881990 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-20 16:09 - 2013-08-09 14:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-20 15:47 - 2012-05-09 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-20 14:28 - 2011-05-04 09:45 - 00000000 ____D () C:\Users\ts2\Desktop\Privat
2015-05-19 09:13 - 2011-08-23 10:11 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 09:13 - 2011-08-23 10:11 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 09:13 - 2011-08-23 10:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 08:38 - 2012-04-30 08:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 10:35 - 2014-08-15 10:25 - 00000000 ____D () C:\Users\ts2\AppData\Local\Adobe
2015-05-18 10:35 - 2012-04-05 08:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 10:35 - 2012-04-05 08:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-18 10:35 - 2011-09-29 13:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-15 08:30 - 2014-10-13 08:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-30 10:07 - 2011-02-01 18:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-09-26 10:59 - 2004-03-01 21:58 - 0561424 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\dao360.dll
2011-05-04 10:34 - 2015-05-28 09:30 - 0004155 _____ () C:\Users\ts2\AppData\Roaming\SAS7_000.DAT
2012-02-20 15:11 - 2012-02-20 15:11 - 0000003 _____ () C:\Users\ts2\AppData\Local\Bekannte Tresore.txt
2011-08-26 13:34 - 2011-08-26 13:34 - 0007602 _____ () C:\Users\ts2\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\ts2\AppData\Local\Temp\Quarantine.exe
C:\Users\ts2\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 13:20

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by ts at 2015-05-28 12:41:01
Running from C:\Users\ts2\Desktop\LOGs
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3492041919-3848507663-3309951301-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3492041919-3848507663-3309951301-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro OfficeScan Anti-spyware (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Becksches Formularbuch Bürgerliches, Handels- und Wirtschaftsrecht (HKLM-x32\...\Becksches Formularbuch Bürgerliches, Handels- und Wirtschaftsrecht) (Version:  - )
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM-x32\...\{7121136B-462F-46F7-8FC0-6A35E8DC2D5B}) (Version: 4.3.77 - DataDesign)
DDBAC (HKLM-x32\...\{88A0F52F-A024-4268-977E-E75B1F9C67ED}) (Version: 5.3.28 - DataDesign)
DDBAC (HKLM-x32\...\{CC12DCBF-D85B-45B1-9366-8C3F708B362E}) (Version: 4.3.49 - DataDesign)
DictaNet Mobile Player (HKLM-x32\...\DictaNet Mobile Player) (Version:  - )
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GNU Backgammon (Version 1_02_000, 20130728) (HKLM-x32\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist 8.0.0.508 (HKLM-x32\...\GoToAssist) (Version:  - )
GPS Master 2.0.14 (HKLM-x32\...\GPS Master_is1) (Version: 1.0 - GPS Master)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B0-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 DEU (HKLM\...\{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Surface 2.0 Runtime (HKLM-x32\...\{69C2B39D-F060-49AD-8877-01C4144A8424}) (Version: 2.0.21114.00 - Microsoft Corporation)
Microsoft Surface Toolkit Runtime for Windows Touch Beta (HKLM-x32\...\{788755AD-6DD7-4736-9CA9-24B05D87845C}) (Version: 1.5.10404.01 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) DEU  (HKLM-x32\...\{E6415AEF-3B3E-43FF-AD3A-0258D854E7D6}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) DEU  (HKLM-x32\...\{E90A1941-4989-4172-AB5C-DBCB02202A84}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) DEU  (HKLM-x32\...\{D0F06337-3406-4162-9990-7853DCE4F345}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) DEU  (HKLM-x32\...\{349B4707-5F45-49EB-9A9D-8F89C94355F2}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{D95B72D8-DE21-3DAE-B2C5-B1EE64EEBEFA}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.00.3 - Bibliographisches Institut & F.A. Brockhaus AG)
Olympus DSS Player Pro (HKLM-x32\...\{8E35083D-B04F-4823-A260-C07FDD3D40FD}) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OVS Formularpraxis (HKLM-x32\...\{49CB6744-E778-406C-91CD-F583B9AF4656}) (Version: 2.0.0.0 - Verlag Dr. Otto Schmidt)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.269.0 - Tracker Software Products Ltd)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.162.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RA-MICRO Deinstallation (HKLM-x32\...\ra-micro Deinstallation) (Version:  - RA-MICRO GmbH & Co. KGaA)
RA-MICRO E-Akte (HKLM-x32\...\{DE6EAF75-5C96-4C8E-8009-99A83326E3E4}) (Version: 2.08.0000 - RA-MICRO Software GmbH)
RA-MICRO Elster (HKLM-x32\...\{EC15998D-5C48-43D9-B5A6-43085531B31C}) (Version: 4.25.0000 - RA-MICRO GmbH & Co KGaA)
RA-MICRO Festplattenbelegung (HKLM-x32\...\{76DA699C-A2D1-4430-8ACA-1547ADC2D7B3}) (Version: 1.06.0008 - RA-MICRO Software GmbH)
RA-MICRO Infragistics 10.3 (HKLM-x32\...\{2592ACCF-8D9B-4CF8-B791-16A94A8A75B8}) (Version: 10.01.30101 - RA-MICRO Software GmbH)
RA-MICRO Leadtools (HKLM-x32\...\{DE726A89-0BF3-433D-B975-4201BF2E8156}) (Version: 2.01.0000 - RA-MICRO Software GmbH)
RA-MICRO Programmdateien (HKLM-x32\...\RA-MICRO Programmdateien) (Version:  - )
RA-MICRO Systemdateien (HKLM-x32\...\{22674A89-CE4D-428D-BA79-4446933FBAF0}) (Version: 1.2.2010.0 - RA-MICRO Software GmbH)
RA-MICRO Terminverwaltung Outlook Addin (HKLM-x32\...\{64D87DBC-33D7-4FB3-A222-419FF51BDF10}) (Version: 7.200.0013 - RA-MICRO Software GmbH)
RA-MICRO.net (HKLM-x32\...\{3A0C8351-3F02-48E1-BFD6-D21078261203}) (Version: 9.0.0308 - RA-MICRO Software GmbH)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Schmerzensgeld CD 3.0 (HKLM-x32\...\Schmerzensgeld CD 3.0) (Version:  - )
SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShadowProtect Desktop (HKLM-x32\...\{8850DEC8-22FD-4F05-A3AA-49B91200C24F}) (Version: 4.15.10129 - StorageCraft)
ShadowProtect Desktop (x32 Version: 4.15.10129 - StorageCraft) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 7.0  (HKLM-x32\...\{EE5B7DA5-4CEA-43FE-8B61-31CDAFE9262A}) (Version: 7.0 - Star Finanz GmbH)
StarMoney 8.0  (HKLM-x32\...\{FFB2EC54-FE7D-4C74-82C2-4F3ED9142A4D}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{33A9B7E8-86E9-489C-8931-324DE4228F7F}) (Version: 9.0 - Star Finanz GmbH)
TextControl 14.0 SP4 (HKLM-x32\...\{01201D0C-0AD2-471D-8CB6-E1574A5A0D8D}) (Version: 2.00.0000 - RA-MICRO Software GmbH)
TightVNC 1.3.10 (HKLM-x32\...\TightVNC_is1) (Version: 1.3.10 - TightVNC Group)
TreeMail (HKLM-x32\...\{4114624E-CE9E-448F-9AFE-16FCA726BCF2}) (Version: 3.22.0000 - RA-MICRO Software GmbH)
Trend Micro OfficeScan Client (HKLM-x32\...\{ECEA7878-2100-4525-915D-B09174E36971}) (Version: 10.5 - Trend Micro)
Unity Web Player (HKU\S-1-5-21-2516187649-2465164387-518761543-1193\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Verbatim Hard Drive Formatter (HKLM-x32\...\Verbatim Hard Drive Formatter_is1) (Version:  - Verbatim)
Verlag C.H. Beck Münchener Vertragshandbuch Edition 7 B 7.0 (HKLM-x32\...\VERLAG C_H_ BECK M_NCHENER VERTRAGSHANDBUCH EDITION 7 B 7_0) (Version: 7.0 - Verlag C.H. Beck)
Verlag C.H. Beck Münchener Vertragshandbuch Edition 7 C 7.0 (HKLM-x32\...\VERLAG C_H_ BECK M_NCHENER VERTRAGSHANDBUCH EDITION 7 C 7_0) (Version: 7.0 - Verlag C.H. Beck)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
Windows-Treiberpaket - Sunplus (SPCP825K) Ports  (07/01/2010 1.0.9.0) (HKLM\...\20986CDBFBCA238AA12329A115B1CC9D88E9C06C) (Version: 07/01/2010 1.0.9.0 - Sunplus)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

06-05-2015 12:42:03 Geplanter Prüfpunkt
20-05-2015 15:42:56 Windows Update
27-05-2015 10:04:22 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-27 10:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5B572D51-4BC7-4A05-A8F9-15B21B311BC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {856D1CC3-10E2-4728-A536-EEA465E09304} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A79FDBA8-2122-459C-9C69-7A8CDA52E047} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {CD745933-B376-4F05-8553-2FE7FE34750D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CF192ECA-F28E-45DE-A01D-2DA92D51C0C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D953C596-6C23-4A2F-A503-FC4C0CFDB9D8} - System32\Tasks\{A854E862-0662-4A0E-B144-B4E4F4B81C06} => pcalua.exe -a "C:\Program Files (x86)\a-jur-Kanzleisoftware\gaplaunch.exe" -d "C:\Program Files (x86)\a-jur-Kanzleisoftware"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-10-20 16:08 - 2010-10-20 16:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:9453D700

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2516187649-2465164387-518761543-1193\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.96.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{7DD1E163-28D5-449F-BFFE-1EE06EA53094}C:\program files (x86)\tightvnc\winvnc.exe] => (Allow) C:\program files (x86)\tightvnc\winvnc.exe
FirewallRules: [UDP Query User{2CE4204C-1F8E-45BD-8ABD-FE0B8ECBB8BD}C:\program files (x86)\tightvnc\winvnc.exe] => (Allow) C:\program files (x86)\tightvnc\winvnc.exe
FirewallRules: [{B989D689-1CB1-4073-ACE7-AD4168D23630}] => (Allow) LPort=51001

==================== Faulty Device Manager Devices =============

Name: ASUS Xonar DG Audio Device
Description: ASUS Xonar DG Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK
Service: cmudaxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 00:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1124
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (05/28/2015 00:28:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xf3c
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (05/28/2015 00:22:10 PM) (Source: Microsoft-Windows-Folder Redirection) (EventID: 502) (User: NTDRAE)
Description: Fehler bei der Richtlinienanwendung und beim Umleiten des Ordners "Pictures" nach "\\storage\Home\ts".
 Umleitungsoptionen=0x9211.
 Der folgende Fehler ist aufgetreten: "Fehler bei der Umleitung, da das Zielverzeichnis "\\storage\Home\ts" offline ist.".
 Fehlerdetails: "Der Netzwerkpfad wurde nicht gefunden.
".

Error: (05/28/2015 00:21:16 PM) (Source: WinVNC4) (EventID: 1) (User: )
Description: SocketManager: unknown listener event: 0

Error: (05/28/2015 00:17:18 PM) (Source: Microsoft-Windows-Folder Redirection) (EventID: 502) (User: NTDRAE)
Description: Fehler bei der Richtlinienanwendung und beim Umleiten des Ordners "Pictures" nach "\\storage\Home\ts".
 Umleitungsoptionen=0x9211.
 Der folgende Fehler ist aufgetreten: "Fehler bei der Umleitung, da das Zielverzeichnis "\\storage\Home\ts" offline ist.".
 Fehlerdetails: "Der Netzwerkpfad wurde nicht gefunden.
".

Error: (05/28/2015 00:16:12 PM) (Source: WinVNC4) (EventID: 1) (User: )
Description: SocketManager: unknown listener event: 0

Error: (05/28/2015 00:14:43 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (05/28/2015 00:14:41 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (05/28/2015 00:14:35 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (05/28/2015 00:14:35 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054


System errors:
=============
Error: (05/28/2015 00:29:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (05/28/2015 00:24:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/28/2015 00:24:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 00:24:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dragon Logger service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/28/2015 00:24:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VNC Server Version 4" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 00:24:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VNC Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 00:24:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 8.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 00:24:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 9.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 00:24:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 7.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/28/2015 00:24:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/12/2011 08:43:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 462 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (02/23/2011 04:04:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 69 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 07:12:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 00:07:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2011 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 11:25:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2931 seconds with 1920 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 05:05:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 05:03:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 384 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 04:55:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1235 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (02/17/2011 01:33:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 241 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/17/2011 01:28:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-05-27 10:16:50.922
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-27 10:16:50.813
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 4095.18 MB
Available physical RAM: 2079.45 MB
Total Pagefile: 8188.57 MB
Available Pagefile: 6054.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.66 GB) (Free:283.08 GB) NTFS
Drive m: (Daten) (Network) (Total:465.73 GB) (Free:322.9 GB) NTFS
Drive r: (Daten) (Network) (Total:465.73 GB) (Free:322.9 GB) NTFS
Drive s: (Daten) (Network) (Total:465.73 GB) (Free:322.9 GB) NTFS
Drive u: (Daten) (Network) (Total:465.73 GB) (Free:322.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 37E0A7F6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================

cosinus 28.05.2015 12:52
adwCleaner war nicht ganz up2date. Bitte neu runterladen und nochmal ausführen.

HtHNightwolf 29.05.2015 09:25
AdwCleaner Logfile:
Code:
# AdwCleaner v4.205 - Bericht erstellt 29/05/2015 um 09:18:52
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : ts - WS15
# Gestarted von : C:\Users\ts2\Downloads\adwcleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [2462 Bytes] - [20/05/2015 11:52:16]
AdwCleaner[R1].txt - [940 Bytes] - [20/05/2015 13:06:19]
AdwCleaner[R2].txt - [1056 Bytes] - [20/05/2015 14:29:47]
AdwCleaner[R3].txt - [1116 Bytes] - [22/05/2015 10:33:18]
AdwCleaner[R4].txt - [1175 Bytes] - [22/05/2015 16:01:11]
AdwCleaner[R6].txt - [1233 Bytes] - [28/05/2015 12:18:31]
AdwCleaner[R7].txt - [1352 Bytes] - [29/05/2015 09:16:29]
AdwCleaner[R8].txt - [1411 Bytes] - [29/05/2015 09:18:09]
AdwCleaner[S0].txt - [2307 Bytes] - [20/05/2015 11:54:53]
AdwCleaner[S1].txt - [998 Bytes] - [20/05/2015 13:08:04]
AdwCleaner[S2].txt - [1293 Bytes] - [28/05/2015 12:19:49]
AdwCleaner[S3].txt - [1331 Bytes] - [29/05/2015 09:18:52]

########## EOF - U:\AdwCleaner\AdwCleaner[S3].txt - [1390  Bytes] ##########
--- --- ---

cosinus 29.05.2015 09:39
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CHR HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Windows\upathÄÿÿÿM
C:\Users\ts2\AppData\Local\Bench-closet
C:\Users\ts2\AppData\Local\Fataccount
C:\Users\ts2\AppData\Roaming\Fatexist
C:\Users\ts2\AppData\Local\Fatrelate
C:\Users\ts2\AppData\Local\Potato-remind
C:\Users\ts2\AppData\Local\Standard-juice
C:\Users\ts2\AppData\Local\Thanks_cancel
C:\Users\ts2\AppData\Local\Yearnose
C:\Windows\犗
C:\Windows\瀠
C:\Windows\뱵띦暼疷WINDOWS
C:\Windows\뱶暼盬WINDOWS
C:\Windows\뱶䭦暼癋WINDOWS
C:\Windows\뱴暼瓠WINDOWS
C:\Windows\뱵葦暼疄WINDOWS
C:\Windows\뱶⁦暼瘠WINDOWS
C:\Windows\뱵०暼甉WINDOWS
C:\Windows\뱵쥦暼痉WINDOWS
C:\Windows\뱶䵦暼癍WINDOWS
C:\Windows\뱶屦暼癜WINDOWS
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


HtHNightwolf 29.05.2015 10:54
Dann mit Unicode speichern?

cosinus 29.05.2015 11:12
Ist bei den chinesischen Zeichen wohl nötig :D

HtHNightwolf 29.05.2015 12:03
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by ts at 2015-05-29 12:08:45 Run:1
Running from C:\Users\ts2\Desktop\FRST
Loaded Profiles: ts (Available Profiles: Test & ts_old & ts & Administrator & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Windows\upathÄÿÿÿM
C:\Users\ts2\AppData\Local\Bench-closet
C:\Users\ts2\AppData\Local\Fataccount
C:\Users\ts2\AppData\Roaming\Fatexist
C:\Users\ts2\AppData\Local\Fatrelate
C:\Users\ts2\AppData\Local\Potato-remind
C:\Users\ts2\AppData\Local\Standard-juice
C:\Users\ts2\AppData\Local\Thanks_cancel
C:\Users\ts2\AppData\Local\Yearnose
C:\Windows\犗
C:\Windows\瀠
C:\Windows\뱵띦暼疷WINDOWS
C:\Windows\뱶暼盬WINDOWS
C:\Windows\뱶䭦暼癋WINDOWS
C:\Windows\뱴暼瓠WINDOWS
C:\Windows\뱵葦暼疄WINDOWS
C:\Windows\뱶⁦暼瘠WINDOWS
C:\Windows\뱵०暼甉WINDOWS
C:\Windows\뱵쥦暼痉WINDOWS
C:\Windows\뱶䵦暼癍WINDOWS
C:\Windows\뱶屦暼癜WINDOWS
EmptyTemp:
       


*****************

"HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Google" => key Removed successfully
"HKU\S-1-5-21-2516187649-2465164387-518761543-1193\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
C:\Windows\upathÄÿÿÿM => Moved successfully.
C:\Users\ts2\AppData\Local\Bench-closet => Moved successfully.
C:\Users\ts2\AppData\Local\Fataccount => Moved successfully.
C:\Users\ts2\AppData\Roaming\Fatexist => Moved successfully.
C:\Users\ts2\AppData\Local\Fatrelate => Moved successfully.
C:\Users\ts2\AppData\Local\Potato-remind => Moved successfully.
C:\Users\ts2\AppData\Local\Standard-juice => Moved successfully.
C:\Users\ts2\AppData\Local\Thanks_cancel => Moved successfully.
C:\Users\ts2\AppData\Local\Yearnose => Moved successfully.
C:\Windows\犗 => Moved successfully.
C:\Windows\瀠 => Moved successfully.
C:\Windows\뱵띦暼疷WINDOWS => Moved successfully.
C:\Windows\뱶暼盬WINDOWS => Moved successfully.
C:\Windows\뱶䭦暼癋WINDOWS => Moved successfully.
C:\Windows\뱴暼瓠WINDOWS => Moved successfully.
C:\Windows\뱵葦暼疄WINDOWS => Moved successfully.
C:\Windows\뱶⁦暼瘠WINDOWS => Moved successfully.
C:\Windows\뱵०暼甉WINDOWS => Moved successfully.
C:\Windows\뱵쥦暼痉WINDOWS => Moved successfully.
C:\Windows\뱶䵦暼癍WINDOWS => Moved successfully.
C:\Windows\뱶屦暼癜WINDOWS => Moved successfully.
EmptyTemp: => Removed 682 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:09:58 ====

cosinus 29.05.2015 12:39
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


HtHNightwolf 01.06.2015 12:41
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.06.2015
Suchlauf-Zeit: 09:29:04
Logdatei: Malwarebyte.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.31.03
Rootkit Datenbank: v2015.05.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ts

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 648915
Verstrichene Zeit: 44 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

ESET lief ohne Meldungen durch, ohne Funde, jedoch habe ich das Programm nach dem Scan direkt eliminiert -_-
Sorry!
Ich scanne erneut, das kann jedoch noch ein paar Stunden laufen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:23 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131