Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 mit 64 Bit langsam (https://www.trojaner-board.de/181232-windows-7-64-bit-langsam.html)

siddi 22.08.2016 13:07
Windows 7 mit 64 Bit langsam
 
Liste der Anhänge anzeigen (Anzahl: 2)
Liebe Helfer/innen,

gerne helfe ich als Laie bei kleineren Pc Problemen innerhalb meines Freundeskreises.
Meist klappt es Problemlos und so konnte ich schon einige Systeme wieder ans laufen bringen.

Fakt ist wenn ich Ratlos bin, schaue ich mich bei Euch ohne Anmeldung um oder ich lasse die Finger davon und dann muss der jeweilige Besitzer selber klarkommen.

Diesmal habe ich einen Rechner vor mir der sehr langsam läuft und schon lange nicht mehr Aufgeräumt wurde, was ich gerne beheben würde.

Als erstes sah ich eine Logdatei auf der "C" mit dem Namen "Spacekace", was
lt. Internetergebnisse nichts gutes sein kann und um sicher zu gehen, greife ich gerne auf eure Hilfe zurück.


Ich habe mir die Anleitung genau durchgelesen und somit dürften die drei Logs von OTL , Addition und FRST schon mal richtig sein für den Anfang?

Freue mich auf eure Antworten.
Herzlichen Gruß

cosinus 22.08.2016 13:07
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

siddi 22.08.2016 13:14
OTL Log
 
OTL Logfile:
Code:
OTL logfile created on: 22.08.2016 13:27:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18349)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 64,86% Memory free
15,99 Gb Paging File | 13,42 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 46,58 Gb Total Space | 3,02 Gb Free Space | 6,48% Space Free | Partition Type: NTFS
Drive D: | 186,30 Gb Total Space | 71,31 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
 
Computer Name: GRAND-O-MAT | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016.08.22 10:58:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2016.07.31 14:56:28 | 000,809,488 | ---- | M] (Garmin Ltd. or its subsidiaries) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
PRC - [2016.07.19 16:11:38 | 000,108,032 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2016.07.02 19:27:50 | 000,392,136 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016.06.25 01:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.11.21 02:00:00 | 000,937,984 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe
PRC - [2011.11.18 16:22:03 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016.05.20 23:54:46 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016.01.31 22:33:06 | 000,246,784 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2016.01.29 20:34:20 | 000,374,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2016.01.29 20:34:20 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2015.07.23 02:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2016.07.31 14:56:28 | 000,809,488 | ---- | M] (Garmin Ltd. or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)
SRV - [2016.07.29 15:02:41 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016.07.19 16:11:38 | 000,108,032 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2016.06.25 01:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016.03.04 02:33:41 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.04.12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011.11.18 16:22:03 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016.08.22 10:34:30 | 000,079,064 | ---- | M] (Malwarebytes) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\sdswo.sys -- (kgajwlyu)
DRV:64bit: - [2016.08.01 18:12:13 | 001,030,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2016.07.02 18:52:05 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2016.01.31 22:33:06 | 021,622,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2016.01.31 22:33:06 | 021,622,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2016.01.31 22:33:06 | 000,665,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015.11.13 09:50:26 | 000,133,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2015.06.17 17:04:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.18 10:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.04 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.04 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2016.01.31 22:07:44 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2011.11.16 01:42:25 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 03 0C 04 C9 A3 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = B1 F7 03 2B C3 97 D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2016.07.02 19:27:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2016.07.14 19:23:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2016.07.02 19:27:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2016.07.14 19:23:03 | 000,000,000 | ---D | M]
 
[2012.07.17 22:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions
[2012.07.17 22:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2016.06.04 15:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions
[2016.06.04 15:54:59 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2016.05.25 18:05:16 | 009,296,122 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\adblockultimate@adblockultimate.net.xpi
[2011.12.20 00:02:38 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\DivXWebPlayer@divx.com.xpi
[2016.05.25 18:04:44 | 001,036,367 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016.07.14 19:23:14 | 000,006,260 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\features\{b12b66a5-3381-4629-9ab6-e08ad12f2106}\e10srollout@mozilla.org.xpi
[2016.07.14 19:23:17 | 000,686,164 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\features\{b12b66a5-3381-4629-9ab6-e08ad12f2106}\firefox@getpocket.com.xpi
[2016.07.14 19:23:26 | 001,696,657 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\features\{b12b66a5-3381-4629-9ab6-e08ad12f2106}\loop@mozilla.org.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: delta-homes (Enabled)
CHR - default_search_provider: search_url = hxxp://search.delta-homes.com/web/?type=ds&ts=1420216200&from=wpm12233&uid=ST3250410AS_6RYDQCVAXXXX6RYDQCVA&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Web (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Web (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Web (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Web (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Web (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Web (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Web (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Web (Enabled) = internal-remoting-viewer
CHR - plugin: Web (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Web (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Web (Enabled) = default_plugin
CHR - Extension: Web = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Web = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2016.06.04 17:43:31 | 000,452,796 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15542 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {451C804F-C205-4F03-B48E-537EC94937BF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.96.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA62AF0-8897-4EE3-935A-CBFE51312FB8}: DhcpNameServer = 80.69.96.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D04614AF-4B76-41BC-B65A-9CB86445D051}: DhcpNameServer = 80.69.96.12 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd3a3ad1-9334-11e2-9c67-001fd022f457}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3a3ad1-9334-11e2-9c67-001fd022f457}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016.08.22 13:10:48 | 000,000,000 | ---D | C] -- C:\FRST
[2016.08.22 13:09:44 | 002,396,672 | ---- | C] (Farbar) -- C:\Users\xxx\Desktop\FRST64.exe
[2016.08.22 10:58:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2016.08.22 10:34:30 | 000,079,064 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\sdswo.sys
[2016.08.22 09:08:20 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.08.22 09:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016.08.22 09:07:34 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016.08.22 09:07:34 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016.08.22 09:07:34 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016.08.22 09:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016.08.22 09:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.08.16 16:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2016.08.16 16:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2016.08.16 16:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2016.08.01 18:12:13 | 001,030,400 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2016.08.01 18:12:13 | 000,082,544 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2016.07.29 17:31:30 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2016.07.29 17:31:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016.07.29 17:31:29 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016.07.29 17:31:29 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016.07.29 17:31:29 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016.07.29 17:31:29 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016.07.29 17:31:29 | 000,249,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2016.07.29 17:31:29 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016.07.29 17:31:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016.07.29 17:31:29 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016.07.29 17:31:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016.07.29 17:31:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016.07.29 17:31:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016.07.29 17:31:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016.07.29 17:31:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016.07.29 17:31:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016.07.29 17:31:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016.07.29 17:31:28 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016.07.29 17:31:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016.07.29 17:31:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016.07.29 17:31:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016.07.29 17:31:24 | 000,382,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016.07.29 17:31:24 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016.07.29 17:31:24 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016.07.29 17:31:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016.07.29 17:31:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016.07.29 17:31:23 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2016.07.29 17:31:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016.07.29 17:31:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016.07.29 17:31:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016.07.29 17:31:21 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2016.07.29 17:31:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2016.07.29 17:31:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netbtugc.exe
[2016.07.29 17:31:18 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\polstore.dll
[2016.07.29 17:31:18 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2016.07.29 17:31:18 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winipsec.dll
[2016.07.29 17:31:18 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2016.07.29 17:31:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2016.07.29 17:31:18 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2016.07.29 17:31:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2016.07.29 17:31:15 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2016.07.29 17:31:15 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2016.07.29 17:31:15 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2016.07.29 17:31:13 | 003,231,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2016.07.29 17:31:13 | 002,973,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2016.07.29 17:31:12 | 001,867,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2016.07.29 17:31:12 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2016.07.29 17:31:07 | 003,243,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2016.07.29 17:31:07 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2016.07.29 17:31:07 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2016.07.29 17:31:07 | 000,114,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2016.07.29 17:31:06 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2016.07.29 17:31:06 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2016.07.29 17:31:06 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2016.07.29 17:31:06 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2016.07.29 17:31:02 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016.07.29 17:31:02 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016.07.29 17:31:02 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016.07.29 17:31:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016.07.29 17:31:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016.07.29 17:31:02 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016.07.29 17:31:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016.07.29 17:31:02 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016.07.29 17:31:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016.07.29 17:31:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016.07.29 17:31:01 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016.07.29 17:31:01 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016.07.29 17:31:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016.07.29 17:31:00 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016.07.29 17:31:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016.07.29 17:30:59 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016.07.29 17:30:59 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016.07.29 17:30:59 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016.07.29 17:30:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016.07.29 17:30:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016.07.29 17:30:58 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016.07.29 17:30:58 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016.07.29 17:30:58 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016.07.29 17:30:58 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016.07.29 17:30:57 | 002,131,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016.07.29 17:30:57 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016.07.29 17:30:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016.07.29 17:30:56 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016.07.29 17:30:56 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016.07.29 17:30:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016.07.29 17:30:55 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016.07.29 17:30:55 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016.07.29 17:30:55 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016.07.29 17:30:54 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016.07.29 17:30:54 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016.07.29 17:30:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016.07.29 17:30:53 | 006,051,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016.07.29 17:30:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016.07.29 17:30:53 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016.07.29 17:30:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016.07.29 17:30:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016.07.29 17:30:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016.07.29 17:30:52 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016.07.29 16:17:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\FreemakeVideoConverter
[2016.07.29 15:02:21 | 006,079,168 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016.08.22 13:25:41 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.08.22 13:09:44 | 002,396,672 | ---- | M] (Farbar) -- C:\Users\xxx\Desktop\FRST64.exe
[2016.08.22 12:48:24 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job
[2016.08.22 12:30:23 | 000,001,371 | ---- | M] () -- C:\Users\xxx\Desktop\Lebensthema Adoption- August 2016 - Verknüpfung.lnk
[2016.08.22 10:58:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2016.08.22 10:34:30 | 000,079,064 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\sdswo.sys
[2016.08.22 09:07:42 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016.08.22 08:13:27 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.08.22 08:13:27 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.08.22 06:53:21 | 001,620,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.08.22 06:53:21 | 000,699,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2016.08.22 06:53:21 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.08.22 06:53:21 | 000,149,572 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2016.08.22 06:53:21 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.08.22 06:48:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.08.16 17:25:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016.08.16 16:32:46 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016.08.08 19:04:08 | 000,004,318 | ---- | M] () -- C:\Windows\wininit.ini
[2016.08.08 18:24:23 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2016.08.01 18:14:26 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 3.lnk
[2016.08.01 18:12:13 | 001,030,400 | ---- | M] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2016.08.01 18:12:13 | 000,116,304 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2016.08.01 18:12:13 | 000,082,544 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2016.07.30 15:30:57 | 000,288,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.07.29 16:15:34 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2016.07.29 15:02:39 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016.07.29 15:02:39 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016.07.29 15:02:23 | 006,079,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2016.07.29 14:43:50 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016.08.22 12:30:23 | 000,001,371 | ---- | C] () -- C:\Users\xxx\Desktop\Lebensthema Adoption- August 2016 - Verknüpfung.lnk
[2016.08.22 09:07:42 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016.08.16 16:32:46 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016.02.05 22:24:47 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2016.01.31 22:33:07 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016.01.31 22:33:05 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2016.01.31 22:33:01 | 000,189,952 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2013.02.11 20:14:54 | 000,005,632 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.16 20:41:22 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.16 18:41:15 | 000,007,636 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.04.09 08:58:02 | 014,186,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.04.09 08:54:53 | 012,881,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:63B15221B785E713
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34

< End of report >
--- --- ---


FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
durchgeführt von xxx (22-08-2016 13:11:26)
Gestartet von C:\Users\xxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-15 18:35:28)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1049672758-3464604034-341253259-500 - Administrator - Disabled)
Gast (S-1-5-21-1049672758-3464604034-341253259-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1049672758-3464604034-341253259-1002 - Limited - Enabled)
xxx (S-1-5-21-1049672758-3464604034-341253259-1000 - Administrator - Enabled) => C:\Users\xxx

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Amazon Amazon Music) (Version: 3.11.5.1140 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Modern Warfare 3 (c) Activision version 1 (HKLM-x32\...\Call of Duty Modern Warfare 3 (c) Activision_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Garmin BaseCamp (HKLM-x32\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
G-Force (HKLM-x32\...\G-Force) (Version: 5.2 - SoundSpectrum)
Google Chrome (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 de) (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
SoftSkies (HKLM-x32\...\SoftSkies) (Version: 1.7 - SoundSpectrum)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1049672758-3464604034-341253259-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1049672758-3464604034-341253259-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {038F85B7-D443-46F9-9DBD-7621199E7B3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-29] (Adobe Systems Incorporated)
Task: {051C49EC-9DE3-425A-8A00-6B33EB1E44E8} - System32\Tasks\{80E2F559-4181-4032-B4F8-50DE9F06A4FB} => pcalua.exe -a "D:\Programme\Project Snowblind\uninstsb.exe" -d "D:\Programme\Project Snowblind"
Task: {130841FD-AF76-4038-9705-D847E3C896A9} - System32\Tasks\Uninstaller_SkipUac_ xxx => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {14193E98-13E1-4A0C-9F42-F9103150EAB5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-07-31] ()
Task: {184603E1-9673-466C-B7B0-D4EC6332A8E0} - System32\Tasks\{CD5005BA-B671-42D7-9B0A-BD2D4092031B} => pcalua.exe -a "C:\Users\xxx\Downloads\64bit_Vista_Win7_R266.exe" -d "C:\Users\xxx\Desktop"
Task: {249D6CC3-C0BC-4C91-A081-2F57DC3F25B5} - System32\Tasks\{8525A83D-7BA9-4BC6-8714-6F26F8A9C2B3} => pcalua.exe -a D:\Programme\IrfanView\iv_uninstall.exe -d D:\Programme\IrfanView
Task: {258FF4DA-775F-4C45-9CE7-50737CD779A5} - System32\Tasks\Express DownloaderUpdate => C:\Program Files (x86)\ExpressDownloader\EDUpdater.exe
Task: {2C44664B-DDE2-432A-AAF3-A3AC035A0E14} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {2CED37EA-7F99-45A6-BE8E-90BB256EB1ED} - System32\Tasks\{D6DFD02C-99DB-47F3-826E-262741F0F6AE} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {3A0A7C04-94AA-4AA0-8006-64F35D1216CE} - System32\Tasks\Driver Booster SkipUAC (xxx) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {3E835A89-B594-4236-89D0-ADF65C2ECC35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {46463771-F7BF-4945-8F61-FB4F1E83F90B} - System32\Tasks\{5F43D822-B02D-43A0-ADE1-A6EC4E4C4D89} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {4997A0F2-371A-401F-8101-04BD0925E6DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {60B2CCD5-874D-4DE3-9073-0E281BD2DFEA} - System32\Tasks\{629107D0-E547-4569-9CA9-2B0642FF287A} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {66A58A18-7013-4574-81A8-54B554A17E23} - System32\Tasks\{E302C280-361F-40AE-AE13-84F8FA4D447B} => C:\Users\xxx\Downloads\Realtek\Setup.exe
Task: {694850C6-43AC-4A2C-8F6F-96A8EEC77B9B} - System32\Tasks\{12C8FED8-2409-4259-863C-8B98DDA1414C} => pcalua.exe -a "D:\Program Files (x86)\LucasFan Games\MMD\winsetup.exe" -d "D:\Program Files (x86)\LucasFan Games\MMD"
Task: {6D7E128F-6D2A-4CF2-9D9F-F282E8B99F88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {6F5FE2A2-E6D7-4F23-8794-55808FC8EF9D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {71A480A8-D0E6-454E-B2DD-F06CFB303787} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {73E0343E-F416-4225-BD8A-51D9E013C698} - System32\Tasks\{61C64531-A760-4D02-AB1D-EC0E8D0775A7} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {79BCCCF4-FAEE-466C-A4EA-C13316185A04} - System32\Tasks\{6C85F062-8551-4132-B974-7612D0CDC5E2} => pcalua.exe -a "D:\Games\Drug Lord 2\Drug Lord 2\Drug Lord 2\druglord2.exe"
Task: {7E0DBDAD-9E6D-405B-9979-3BDABF29AF90} - System32\Tasks\{B5C48E0F-524A-4BB1-9D87-E6B34A55D12D} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {7F4667C4-68A7-49E5-BB8A-F08C4F182BAC} - System32\Tasks\Google Updater and Installer => C:\Users\Oliver Ortschwager\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {82074290-ED60-4E01-B577-F92757F8C1A6} - System32\Tasks\{D2CEF108-4754-487D-919E-CF842379929C} => pcalua.exe -a "C:\Users\xxx\Downloads\DeepBurner19.exe" -d "D:\Program Files (x86)\Mozilla Firefox"
Task: {824665AB-CD18-4E55-BE80-A37448FAACAB} - System32\Tasks\{649A3D18-779D-4F76-8F5F-8DBC8F6849FB} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {85BD28BA-E122-4BB9-8530-10429C3027D9} - System32\Tasks\{D59B8082-C7E3-49CA-98E9-9385512697D2} => D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Task: {97F68256-E93A-4345-A2D4-2527FCC0B0FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A8FF540C-A93B-4C95-A649-1697778BBC40} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {AF0546B9-F35D-4002-BE6A-B59B3FA75725} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B6136BA8-0BCF-433B-AAA5-1B26D5C60F68} - System32\Tasks\{8A12A290-7723-4267-B995-0EA8999FFB54} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {B685D8EE-A04C-4438-A159-E56975F56965} - System32\Tasks\{B942B6F9-C2E7-448F-94E6-F15D5A19275A} => D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Task: {BBA99E95-33ED-453F-93DA-301FE8F256D1} - System32\Tasks\{70295AA1-168A-4E81-AD42-B6A0351E9320} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {BBDCCD7B-8147-4F84-8453-66DE8B515EF8} - System32\Tasks\{5BD8F020-73B8-4605-814D-94B1FA28578E} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {BD09EB50-D668-4ADE-900F-14E22DCECCD5} - System32\Tasks\{B5AA7BF5-5B7C-410D-9FE3-8A9362B30380} => pcalua.exe -a "D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {BF07987C-F0D5-405A-945E-DC614ADB9726} - System32\Tasks\{02E651CF-0BB1-4F61-9018-882BBC70C703} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {CA2A6535-6BC3-4374-8D5D-B828B283B509} - System32\Tasks\{9485ED37-A2B3-410F-AEC9-5004E633C82F} => pcalua.exe -a "C:\Users\Oliver Ortschwager\Downloads\avm_fritz!wlan_usb_stick_n_v2_x64_build_141114.exe" -d "C:\Users\xxx\Downloads"
Task: {E1DF450E-0DDB-4CF0-8B19-670D42E755C3} - System32\Tasks\{642E804F-7ACD-4B92-A372-3FDFD83F0A02} => C:\Users\ Downloads\driverperformer_Zsetup.exe
Task: {E3FD2198-BFAE-4A50-9175-6951365193F0} - System32\Tasks\{EC03D0F9-E9F0-41B6-910D-11BB45B55974} => pcalua.exe -a D:\Programme\AntiTwin\uninstall.exe -d D:\Programme\AntiTwin
Task: {E78AEA73-7D37-4E6E-9A8B-74D030F142C6} - System32\Tasks\{FD00141B-5411-4ADD-942B-C3412F7AA273} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {E8967632-81FA-464C-9DA8-C3D987ED29AE} - System32\Tasks\{5E0FA113-EEDE-4270-A2F1-5E8BB88EFF62} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {EE6F0E03-2840-493C-99BE-D595190A10CD} - System32\Tasks\{FAC2D29A-D1E2-40A2-9509-67F9788471F3} => pcalua.exe -a "D:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/8720
Task: {F225541A-45DE-4A51-888F-BF609BAFD675} - System32\Tasks\{66F213FA-5F7E-46F8-B15A-CA7B87BE3682} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {F37AF6AA-2BD5-4D66-98E6-204D5F9F05BB} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {F9325525-568D-4734-8689-11F7B8D5A07C} - System32\Tasks\{C13A2D43-B78F-452F-8459-E81824520FA0} => C:\Users\xxx\Downloads\Realtek\Setup.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{C57F56C8-1A69-4A45-88F0-953B7BFE6D75}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{C57F56C8-1A69-4A45-88F0-953B7BFE6D75}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.doom3.com/
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-18 16:22 - 2011-11-18 16:22 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-07-31 14:54 - 2016-07-31 14:54 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:63B15221B785E713 [50]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7904 mehr Seiten.

IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7904 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-06-04 17:43 - 00452796 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15533 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1049672758-3464604034-341253259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Oliver Ortschwager\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.69.96.12 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Amazon Music => "C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Seven => C:\Program Files\PDFSeven\PDF.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7A1C9568-863A-433D-A73E-DF84714A6E0A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AE248BC-994D-4800-9D93-10EEF9F6BB7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{94A491C0-3F8B-4005-8AD0-FAC7F94F38C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F4DA0E9A-AF6C-4EAB-9D95-FAA2A26884A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{A68F6169-C078-4C23-A730-7DDFDEE2F8BD}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{33A82EEC-84FC-48E6-B6C6-1EE10B1727BC}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [{CC6E2B6F-00BE-4F1E-8D4A-C334CA976CD7}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{79A7C4B7-4595-40C4-9F8E-E693AB1F3349}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [TCP Query User{8FF81CDD-FF97-4845-88AA-4CCBC5D6AF26}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{3BA0E9DF-F139-44F9-8178-14C506FA70AB}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [{8E00F52F-D17C-4E32-BA91-610EFBCE898E}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D6ED88B-C233-4BD6-8B7B-CD058423A302}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F346CEC1-2A27-4587-B672-B42CC180A077}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{5DE01AE3-F3AD-4CFC-8576-AA615F288907}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{1D28A62A-1970-4D56-91A5-5E79F9BF58E5}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{A09EFC00-8EE2-453D-8B45-4AE97E13870C}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{86848C9B-1CC3-4795-876A-B17A5FEC0357}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF22B12B-DEA2-4166-BD96-92152E46129B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F437C01-FC66-48CF-809F-AC7AE869EBCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A11B7A1-118D-4C0B-B680-4731412884EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{090E89BB-94FD-46D9-B773-61758D54B93C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{B36DEA36-6D58-4E98-8A41-D554979EAA2C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E254FD86-103D-4AD7-A74A-2DCAE5004973}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5A6F2BC6-21CF-494E-A169-1DE099DB25D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{7D64118F-A62A-4A73-9A28-1C12E9E355C7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{49F7BE2B-1D34-4E96-8D33-AA6BAEBE1951}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{353ED2C4-523D-4F7E-AB94-A5C3233786DA}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/22/2016 06:50:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 10:08:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 07:00:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/21/2016 06:38:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 06:10:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 05:35:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/16/2016 05:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 04:49:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 04:13:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2016 06:32:17 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Falscher Parameter. (0x80070057)"


Systemfehler:
=============
Error: (08/21/2016 06:10:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/21/2016 06:10:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (08/21/2016 06:09:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/21/2016 06:09:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht.

Error: (08/16/2016 05:25:31 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000119 (0x0000000000000001, 0x000000000002bbac, 0x000000000002bbae, 0x000000000002bbad)C:\Windows\MEMORY.DMP081616-56503-01

Error: (08/16/2016 05:25:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎08.‎2016 um 17:22:05 unerwartet heruntergefahren.

Error: (08/16/2016 04:51:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (08/16/2016 04:48:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎08.‎2016 um 16:45:51 unerwartet heruntergefahren.

Error: (08/16/2016 04:39:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/16/2016 04:39:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 8190.3 MB
Verfügbarer physikalischer RAM: 5262.54 MB
Summe virtueller Speicher: 16378.79 MB
Verfügbarer virtueller Speicher: 13690.05 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:46.58 GB) (Free:3.02 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:186.3 GB) (Free:71.31 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 17AC17AB)
Partition 1: (Active) - (Size=46.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186.3 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================
--- --- ---

siddi 22.08.2016 13:14
FRST Logfile
 

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
durchgeführt von xxx (Administrator) auf GRAND-O-MAT (22-08-2016 13:10:54)
Gestartet von C:\Users\xxx\Desktop
Geladene Profile:xxx (Verfügbare Profile: xxx & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVM Berlin) C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OldTimer Tools) C:\Users\xxx\Desktop\OTL.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-04] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe [937984 2014-11-21] (AVM Berlin)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\MountPoints2: {cd3a3ad1-9334-11e2-9c67-001fd022f457} - H:\pushinst.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 192.168.0.1
Tcpip\..\Interfaces\{CFA62AF0-8897-4EE3-935A-CBFE51312FB8}: [DhcpNameServer] 80.69.96.12 192.168.0.1
Tcpip\..\Interfaces\{D04614AF-4B76-41BC-B65A-9CB86445D051}: [DhcpNameServer] 80.69.96.12 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-23] (Oracle Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default
FF DefaultSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-29] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1049672758-3464604034-341253259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\xxx \AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1049672758-3464604034-341253259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\xxx \AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Extension: Garmin Communicator - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-06-04]
FF Extension: AdBlocker Ultimate - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-05-25]
FF Extension: DivX Web Player - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-12-20] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-25]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-07-19] (Freemake) [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-11-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-31] (REALiX(tm))
U0 kgajwlyu; C:\Windows\System32\drivers\sdswo.sys [79064 2016-08-22] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 cpuz130; \??\C:\Users\OLIVER~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-22 13:10 - 2016-08-22 13:11 - 00011705 _____ C:\Users\xxx \Desktop\FRST.txt
2016-08-22 13:10 - 2016-08-22 13:10 - 00000000 ____D C:\FRST
2016-08-22 13:09 - 2016-08-22 13:09 - 02396672 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2016-08-22 12:30 - 2016-08-22 12:30 - 00001371 _____ C:\Users\xxx\Desktop\Lebensthema Adoption- August 2016 - Verknüpfung.lnk
2016-08-22 10:58 - 2016-08-22 10:58 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Desktop\OTL.exe
2016-08-22 10:34 - 2016-08-22 10:34 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\sdswo.sys
2016-08-22 09:08 - 2016-08-22 09:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-22 09:07 - 2016-08-22 09:07 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-22 09:07 - 2016-08-22 09:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-22 09:07 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-22 09:07 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-22 09:07 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-22 09:06 - 2016-08-22 09:06 - 22851472 _____ (Malwarebytes ) C:\Users\xxx\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-16 17:25 - 2016-08-16 17:25 - 00274304 _____ C:\Windows\Minidump\081616-56503-01.dmp
2016-08-16 16:32 - 2016-08-16 16:32 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-16 16:31 - 2016-08-16 16:32 - 00000000 ____D C:\Program Files\iTunes
2016-08-16 16:31 - 2016-08-16 16:31 - 00000000 ____D C:\Program Files\iPod
2016-08-01 18:12 - 2016-08-01 18:12 - 01030400 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-08-01 18:12 - 2016-08-01 18:12 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-07-29 17:31 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-29 17:31 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-29 17:31 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-29 17:31 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-29 17:31 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-29 17:31 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-29 17:31 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-29 17:31 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-29 17:31 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-29 17:31 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-29 17:31 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-29 17:31 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-29 17:31 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-29 17:31 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-29 17:31 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-29 17:31 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-29 17:31 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-29 17:31 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-29 17:31 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-29 17:31 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-29 17:31 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-29 17:31 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-29 17:31 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-29 17:31 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-29 17:31 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-29 17:31 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-29 17:31 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-29 17:31 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-29 17:31 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-29 17:31 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-29 17:31 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-29 17:31 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-29 17:31 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-29 17:31 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-29 17:31 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-29 17:31 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-29 17:31 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-29 17:31 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-29 17:31 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-29 17:31 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-29 17:31 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-29 17:31 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-29 17:31 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-29 17:31 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-29 17:31 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-29 17:31 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-29 17:31 - 2016-04-14 18:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-29 17:31 - 2016-04-14 18:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-29 17:31 - 2016-04-14 17:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-29 17:31 - 2016-04-14 17:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-29 17:31 - 2016-04-09 08:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-29 17:31 - 2016-04-09 08:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-29 17:31 - 2016-04-09 08:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-29 17:31 - 2016-04-09 08:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-29 17:31 - 2016-04-09 07:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-29 17:31 - 2016-04-09 07:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-29 17:31 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-29 17:31 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-29 17:30 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-29 17:30 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-29 17:30 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-29 17:30 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-29 17:30 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-29 17:30 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-29 17:30 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-29 17:30 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-29 17:30 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-29 17:30 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-29 17:30 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-29 17:30 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-29 17:30 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-29 17:30 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-29 17:30 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-29 17:30 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-29 17:30 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-29 17:30 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-29 17:30 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-29 17:30 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-29 17:30 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-29 17:30 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-29 17:30 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-29 17:30 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-29 17:30 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-29 17:30 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-29 17:30 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-29 17:30 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-29 17:30 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-29 17:30 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-29 17:30 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-29 17:30 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-29 17:30 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-29 17:30 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-29 17:30 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-29 17:30 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-29 17:30 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-29 17:30 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-29 17:30 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-29 17:30 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-29 17:30 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-29 17:30 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-29 17:30 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-29 16:17 - 2016-07-29 16:17 - 00000000 ____D C:\Users\xxx\AppData\Local\FreemakeVideoConverter
2016-07-29 15:02 - 2016-07-29 15:02 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-29 14:55 - 2016-07-29 14:55 - 00000000 ____D C:\Users\xxx\AppData\LocalLow\Oracle

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-22 12:48 - 2012-07-09 23:36 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job
2016-08-22 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2016-08-22 08:13 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-22 08:13 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-22 06:53 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2016-08-22 06:53 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2016-08-22 06:53 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-22 06:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-22 06:51 - 2014-07-11 18:38 - 00002906 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (xxx)
2016-08-22 06:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-16 17:25 - 2013-03-10 15:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-16 17:25 - 2011-12-15 20:31 - 00000000 ____D C:\Windows\Minidump
2016-08-16 16:58 - 2016-04-15 14:07 - 00003556 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-08-16 16:58 - 2013-11-21 22:29 - 00003920 _____ C:\Windows\System32\Tasks\Google Updater and Installer
2016-08-16 16:58 - 2013-03-10 15:06 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-16 16:58 - 2012-09-30 22:12 - 00003136 _____ C:\Windows\System32\Tasks\Express DownloaderUpdate
2016-08-16 16:31 - 2014-02-28 18:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-16 16:31 - 2013-12-16 13:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-16 16:11 - 2013-10-19 01:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-08 19:05 - 2011-11-24 01:17 - 00000000 ___DC C:\Users\xxx AppData\Local\MigWiz
2016-08-08 19:04 - 2014-01-26 01:29 - 00004318 _____ C:\Windows\wininit.ini
2016-08-08 18:25 - 2011-12-23 19:51 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-08 18:24 - 2016-04-15 14:07 - 00001850 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-08-01 18:14 - 2016-07-02 18:14 - 00002124 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-08-01 18:12 - 2013-10-19 01:32 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-07-30 15:30 - 2014-09-26 13:43 - 00288120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-29 20:45 - 2013-07-25 18:46 - 00000000 ____D C:\Windows\system32\MRT
2016-07-29 20:41 - 2011-11-16 18:39 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-29 20:40 - 2013-03-14 02:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-29 20:40 - 2013-03-14 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-29 16:15 - 2016-02-05 22:44 - 00001060 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-07-29 15:02 - 2012-03-30 12:55 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-29 15:02 - 2011-11-16 00:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-29 14:43 - 2012-07-09 23:36 - 00004168 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA
2016-07-29 14:43 - 2012-07-09 23:36 - 00003772 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core
2016-07-29 14:43 - 2012-07-09 23:36 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job
2016-07-27 21:25 - 2010-11-21 05:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-02-11 20:14 - 2013-07-09 13:01 - 0005632 _____ () C:\Users\xxx \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-16 18:41 - 2012-10-09 22:52 - 0007636 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
2012-01-16 20:41 - 2012-01-16 20:41 - 0000041 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-15 15:29

==================== Ende von FRST.txt ============================
--- --- ---

cosinus 22.08.2016 13:16
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

siddi 22.08.2016 15:38
Ich habe "Combofix" nach Anleitung durchlaufen lassen, bis dahin hab ich alles verstanden.
Der Rest ist mir irgendwie nicht schlüssig. ^^ Bei der Codebox lässt sich nichts Kopieren, obwohl sich was Markieren lässt, sehe aber nichts.

Habe von Combofix nun die Auswertung aber komm nicht wirklich klar, mir ist Combofix noch nicht geläufig.
... Als Logdatei speichern und in die Exe reinziehen und erneut dann starten?

cosinus 22.08.2016 17:11
Verdammt :stirn: ich hab mich hier voll bei einem meiner Bausteinen verklickt, habs korrigiert.

siddi 22.08.2016 17:52
Malwarebytes Anti-Rootkit <--- mit dem ausführen des Updates nichts gefunden, das gefällt mir schon mal sehr gut!


Hier dann 2 Logdatein von 3.


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
durchgeführt von xxx (22-08-2016 13:11:26)
Gestartet von C:\Users\xxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-15 18:35:28)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1049672758-3464604034-341253259-500 - Administrator - Disabled)
Gast (S-1-5-21-1049672758-3464604034-341253259-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1049672758-3464604034-341253259-1002 - Limited - Enabled)
xxx (S-1-5-21-1049672758-3464604034-341253259-1000 - Administrator - Enabled) => C:\Users\xxx

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Amazon Amazon Music) (Version: 3.11.5.1140 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Modern Warfare 3 (c) Activision version 1 (HKLM-x32\...\Call of Duty Modern Warfare 3 (c) Activision_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Garmin BaseCamp (HKLM-x32\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
G-Force (HKLM-x32\...\G-Force) (Version: 5.2 - SoundSpectrum)
Google Chrome (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 de) (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
SoftSkies (HKLM-x32\...\SoftSkies) (Version: 1.7 - SoundSpectrum)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1049672758-3464604034-341253259-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1049672758-3464604034-341253259-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {038F85B7-D443-46F9-9DBD-7621199E7B3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-29] (Adobe Systems Incorporated)
Task: {051C49EC-9DE3-425A-8A00-6B33EB1E44E8} - System32\Tasks\{80E2F559-4181-4032-B4F8-50DE9F06A4FB} => pcalua.exe -a "D:\Programme\Project Snowblind\uninstsb.exe" -d "D:\Programme\Project Snowblind"
Task: {130841FD-AF76-4038-9705-D847E3C896A9} - System32\Tasks\Uninstaller_SkipUac_ xxx => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {14193E98-13E1-4A0C-9F42-F9103150EAB5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-07-31] ()
Task: {184603E1-9673-466C-B7B0-D4EC6332A8E0} - System32\Tasks\{CD5005BA-B671-42D7-9B0A-BD2D4092031B} => pcalua.exe -a "C:\Users\xxx\Downloads\64bit_Vista_Win7_R266.exe" -d "C:\Users\xxx\Desktop"
Task: {249D6CC3-C0BC-4C91-A081-2F57DC3F25B5} - System32\Tasks\{8525A83D-7BA9-4BC6-8714-6F26F8A9C2B3} => pcalua.exe -a D:\Programme\IrfanView\iv_uninstall.exe -d D:\Programme\IrfanView
Task: {258FF4DA-775F-4C45-9CE7-50737CD779A5} - System32\Tasks\Express DownloaderUpdate => C:\Program Files (x86)\ExpressDownloader\EDUpdater.exe
Task: {2C44664B-DDE2-432A-AAF3-A3AC035A0E14} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {2CED37EA-7F99-45A6-BE8E-90BB256EB1ED} - System32\Tasks\{D6DFD02C-99DB-47F3-826E-262741F0F6AE} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {3A0A7C04-94AA-4AA0-8006-64F35D1216CE} - System32\Tasks\Driver Booster SkipUAC (xxx) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {3E835A89-B594-4236-89D0-ADF65C2ECC35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {46463771-F7BF-4945-8F61-FB4F1E83F90B} - System32\Tasks\{5F43D822-B02D-43A0-ADE1-A6EC4E4C4D89} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {4997A0F2-371A-401F-8101-04BD0925E6DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {60B2CCD5-874D-4DE3-9073-0E281BD2DFEA} - System32\Tasks\{629107D0-E547-4569-9CA9-2B0642FF287A} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {66A58A18-7013-4574-81A8-54B554A17E23} - System32\Tasks\{E302C280-361F-40AE-AE13-84F8FA4D447B} => C:\Users\xxx\Downloads\Realtek\Setup.exe
Task: {694850C6-43AC-4A2C-8F6F-96A8EEC77B9B} - System32\Tasks\{12C8FED8-2409-4259-863C-8B98DDA1414C} => pcalua.exe -a "D:\Program Files (x86)\LucasFan Games\MMD\winsetup.exe" -d "D:\Program Files (x86)\LucasFan Games\MMD"
Task: {6D7E128F-6D2A-4CF2-9D9F-F282E8B99F88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {6F5FE2A2-E6D7-4F23-8794-55808FC8EF9D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {71A480A8-D0E6-454E-B2DD-F06CFB303787} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {73E0343E-F416-4225-BD8A-51D9E013C698} - System32\Tasks\{61C64531-A760-4D02-AB1D-EC0E8D0775A7} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {79BCCCF4-FAEE-466C-A4EA-C13316185A04} - System32\Tasks\{6C85F062-8551-4132-B974-7612D0CDC5E2} => pcalua.exe -a "D:\Games\Drug Lord 2\Drug Lord 2\Drug Lord 2\druglord2.exe"
Task: {7E0DBDAD-9E6D-405B-9979-3BDABF29AF90} - System32\Tasks\{B5C48E0F-524A-4BB1-9D87-E6B34A55D12D} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {7F4667C4-68A7-49E5-BB8A-F08C4F182BAC} - System32\Tasks\Google Updater and Installer => C:\Users\Oliver Ortschwager\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {82074290-ED60-4E01-B577-F92757F8C1A6} - System32\Tasks\{D2CEF108-4754-487D-919E-CF842379929C} => pcalua.exe -a "C:\Users\xxx\Downloads\DeepBurner19.exe" -d "D:\Program Files (x86)\Mozilla Firefox"
Task: {824665AB-CD18-4E55-BE80-A37448FAACAB} - System32\Tasks\{649A3D18-779D-4F76-8F5F-8DBC8F6849FB} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {85BD28BA-E122-4BB9-8530-10429C3027D9} - System32\Tasks\{D59B8082-C7E3-49CA-98E9-9385512697D2} => D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Task: {97F68256-E93A-4345-A2D4-2527FCC0B0FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A8FF540C-A93B-4C95-A649-1697778BBC40} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {AF0546B9-F35D-4002-BE6A-B59B3FA75725} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B6136BA8-0BCF-433B-AAA5-1B26D5C60F68} - System32\Tasks\{8A12A290-7723-4267-B995-0EA8999FFB54} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {B685D8EE-A04C-4438-A159-E56975F56965} - System32\Tasks\{B942B6F9-C2E7-448F-94E6-F15D5A19275A} => D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Task: {BBA99E95-33ED-453F-93DA-301FE8F256D1} - System32\Tasks\{70295AA1-168A-4E81-AD42-B6A0351E9320} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {BBDCCD7B-8147-4F84-8453-66DE8B515EF8} - System32\Tasks\{5BD8F020-73B8-4605-814D-94B1FA28578E} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {BD09EB50-D668-4ADE-900F-14E22DCECCD5} - System32\Tasks\{B5AA7BF5-5B7C-410D-9FE3-8A9362B30380} => pcalua.exe -a "D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {BF07987C-F0D5-405A-945E-DC614ADB9726} - System32\Tasks\{02E651CF-0BB1-4F61-9018-882BBC70C703} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {CA2A6535-6BC3-4374-8D5D-B828B283B509} - System32\Tasks\{9485ED37-A2B3-410F-AEC9-5004E633C82F} => pcalua.exe -a "C:\Users\Oliver Ortschwager\Downloads\avm_fritz!wlan_usb_stick_n_v2_x64_build_141114.exe" -d "C:\Users\xxx\Downloads"
Task: {E1DF450E-0DDB-4CF0-8B19-670D42E755C3} - System32\Tasks\{642E804F-7ACD-4B92-A372-3FDFD83F0A02} => C:\Users\ Downloads\driverperformer_Zsetup.exe
Task: {E3FD2198-BFAE-4A50-9175-6951365193F0} - System32\Tasks\{EC03D0F9-E9F0-41B6-910D-11BB45B55974} => pcalua.exe -a D:\Programme\AntiTwin\uninstall.exe -d D:\Programme\AntiTwin
Task: {E78AEA73-7D37-4E6E-9A8B-74D030F142C6} - System32\Tasks\{FD00141B-5411-4ADD-942B-C3412F7AA273} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {E8967632-81FA-464C-9DA8-C3D987ED29AE} - System32\Tasks\{5E0FA113-EEDE-4270-A2F1-5E8BB88EFF62} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {EE6F0E03-2840-493C-99BE-D595190A10CD} - System32\Tasks\{FAC2D29A-D1E2-40A2-9509-67F9788471F3} => pcalua.exe -a "D:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/8720
Task: {F225541A-45DE-4A51-888F-BF609BAFD675} - System32\Tasks\{66F213FA-5F7E-46F8-B15A-CA7B87BE3682} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {F37AF6AA-2BD5-4D66-98E6-204D5F9F05BB} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {F9325525-568D-4734-8689-11F7B8D5A07C} - System32\Tasks\{C13A2D43-B78F-452F-8459-E81824520FA0} => C:\Users\xxx\Downloads\Realtek\Setup.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{C57F56C8-1A69-4A45-88F0-953B7BFE6D75}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{C57F56C8-1A69-4A45-88F0-953B7BFE6D75}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.doom3.com/
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-18 16:22 - 2011-11-18 16:22 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-07-31 14:54 - 2016-07-31 14:54 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:63B15221B785E713 [50]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7904 mehr Seiten.

IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7904 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-06-04 17:43 - 00452796 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15533 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1049672758-3464604034-341253259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Oliver Ortschwager\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.69.96.12 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Amazon Music => "C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Seven => C:\Program Files\PDFSeven\PDF.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7A1C9568-863A-433D-A73E-DF84714A6E0A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AE248BC-994D-4800-9D93-10EEF9F6BB7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{94A491C0-3F8B-4005-8AD0-FAC7F94F38C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F4DA0E9A-AF6C-4EAB-9D95-FAA2A26884A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{A68F6169-C078-4C23-A730-7DDFDEE2F8BD}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{33A82EEC-84FC-48E6-B6C6-1EE10B1727BC}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [{CC6E2B6F-00BE-4F1E-8D4A-C334CA976CD7}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{79A7C4B7-4595-40C4-9F8E-E693AB1F3349}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [TCP Query User{8FF81CDD-FF97-4845-88AA-4CCBC5D6AF26}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{3BA0E9DF-F139-44F9-8178-14C506FA70AB}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [{8E00F52F-D17C-4E32-BA91-610EFBCE898E}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D6ED88B-C233-4BD6-8B7B-CD058423A302}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F346CEC1-2A27-4587-B672-B42CC180A077}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{5DE01AE3-F3AD-4CFC-8576-AA615F288907}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{1D28A62A-1970-4D56-91A5-5E79F9BF58E5}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{A09EFC00-8EE2-453D-8B45-4AE97E13870C}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{86848C9B-1CC3-4795-876A-B17A5FEC0357}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF22B12B-DEA2-4166-BD96-92152E46129B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F437C01-FC66-48CF-809F-AC7AE869EBCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A11B7A1-118D-4C0B-B680-4731412884EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{090E89BB-94FD-46D9-B773-61758D54B93C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{B36DEA36-6D58-4E98-8A41-D554979EAA2C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E254FD86-103D-4AD7-A74A-2DCAE5004973}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5A6F2BC6-21CF-494E-A169-1DE099DB25D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{7D64118F-A62A-4A73-9A28-1C12E9E355C7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{49F7BE2B-1D34-4E96-8D33-AA6BAEBE1951}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{353ED2C4-523D-4F7E-AB94-A5C3233786DA}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/22/2016 06:50:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 10:08:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 07:00:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/21/2016 06:38:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 06:10:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 05:35:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/16/2016 05:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 04:49:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 04:13:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2016 06:32:17 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Falscher Parameter. (0x80070057)"


Systemfehler:
=============
Error: (08/21/2016 06:10:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/21/2016 06:10:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (08/21/2016 06:09:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/21/2016 06:09:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht.

Error: (08/16/2016 05:25:31 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000119 (0x0000000000000001, 0x000000000002bbac, 0x000000000002bbae, 0x000000000002bbad)C:\Windows\MEMORY.DMP081616-56503-01

Error: (08/16/2016 05:25:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎08.‎2016 um 17:22:05 unerwartet heruntergefahren.

Error: (08/16/2016 04:51:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (08/16/2016 04:48:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎08.‎2016 um 16:45:51 unerwartet heruntergefahren.

Error: (08/16/2016 04:39:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/16/2016 04:39:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 8190.3 MB
Verfügbarer physikalischer RAM: 5262.54 MB
Summe virtueller Speicher: 16378.79 MB
Verfügbarer virtueller Speicher: 13690.05 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:46.58 GB) (Free:3.02 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:186.3 GB) (Free:71.31 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 17AC17AB)
Partition 1: (Active) - (Size=46.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186.3 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================
FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
durchgeführt von xxx (Administrator) auf GRAND-O-MAT (22-08-2016 13:10:54)
Gestartet von C:\Users\xxx\Desktop
Geladene Profile:xxx (Verfügbare Profile: xxx & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVM Berlin) C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OldTimer Tools) C:\Users\xxx\Desktop\OTL.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-04] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe [937984 2014-11-21] (AVM Berlin)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\MountPoints2: {cd3a3ad1-9334-11e2-9c67-001fd022f457} - H:\pushinst.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 192.168.0.1
Tcpip\..\Interfaces\{CFA62AF0-8897-4EE3-935A-CBFE51312FB8}: [DhcpNameServer] 80.69.96.12 192.168.0.1
Tcpip\..\Interfaces\{D04614AF-4B76-41BC-B65A-9CB86445D051}: [DhcpNameServer] 80.69.96.12 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-23] (Oracle Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default
FF DefaultSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-29] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1049672758-3464604034-341253259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\xxx \AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1049672758-3464604034-341253259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\xxx \AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Extension: Garmin Communicator - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-06-04]
FF Extension: AdBlocker Ultimate - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-05-25]
FF Extension: DivX Web Player - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-12-20] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-25]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-07-19] (Freemake) [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-11-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-31] (REALiX(tm))
U0 kgajwlyu; C:\Windows\System32\drivers\sdswo.sys [79064 2016-08-22] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 cpuz130; \??\C:\Users\OLIVER~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-22 13:10 - 2016-08-22 13:11 - 00011705 _____ C:\Users\xxx \Desktop\FRST.txt
2016-08-22 13:10 - 2016-08-22 13:10 - 00000000 ____D C:\FRST
2016-08-22 13:09 - 2016-08-22 13:09 - 02396672 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2016-08-22 12:30 - 2016-08-22 12:30 - 00001371 _____ C:\Users\xxx\Desktop\Lebensthema Adoption- August 2016 - Verknüpfung.lnk
2016-08-22 10:58 - 2016-08-22 10:58 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Desktop\OTL.exe
2016-08-22 10:34 - 2016-08-22 10:34 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\sdswo.sys
2016-08-22 09:08 - 2016-08-22 09:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-22 09:07 - 2016-08-22 09:07 - 00001062 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-22 09:07 - 2016-08-22 09:07 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-08-22 09:07 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-22 09:07 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-22 09:07 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-22 09:06 - 2016-08-22 09:06 - 22851472 _____ (Malwarebytes ) C:\Users\xxx\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-16 17:25 - 2016-08-16 17:25 - 00274304 _____ C:\Windows\Minidump\081616-56503-01.dmp
2016-08-16 16:32 - 2016-08-16 16:32 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-16 16:31 - 2016-08-16 16:32 - 00000000 ____D C:\Program Files\iTunes
2016-08-16 16:31 - 2016-08-16 16:31 - 00000000 ____D C:\Program Files\iPod
2016-08-01 18:12 - 2016-08-01 18:12 - 01030400 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-08-01 18:12 - 2016-08-01 18:12 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-07-29 17:31 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-29 17:31 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-29 17:31 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-29 17:31 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-29 17:31 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-29 17:31 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-29 17:31 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-29 17:31 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-29 17:31 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-29 17:31 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-29 17:31 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-29 17:31 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-29 17:31 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-29 17:31 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-29 17:31 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-29 17:31 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-29 17:31 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-29 17:31 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-29 17:31 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-29 17:31 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-29 17:31 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-29 17:31 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-29 17:31 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-29 17:31 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-29 17:31 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-29 17:31 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-29 17:31 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-29 17:31 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-29 17:31 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-29 17:31 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-29 17:31 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-29 17:31 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-29 17:31 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-29 17:31 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-29 17:31 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-29 17:31 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-29 17:31 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-29 17:31 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-29 17:31 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-29 17:31 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-29 17:31 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-29 17:31 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-29 17:31 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-29 17:31 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-29 17:31 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-29 17:31 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-29 17:31 - 2016-04-14 18:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-29 17:31 - 2016-04-14 18:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-29 17:31 - 2016-04-14 17:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-29 17:31 - 2016-04-14 17:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-29 17:31 - 2016-04-09 08:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-29 17:31 - 2016-04-09 08:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-29 17:31 - 2016-04-09 08:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-29 17:31 - 2016-04-09 08:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-29 17:31 - 2016-04-09 07:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-29 17:31 - 2016-04-09 07:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-29 17:31 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-29 17:31 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-29 17:30 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-29 17:30 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-29 17:30 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-29 17:30 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-29 17:30 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-29 17:30 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-29 17:30 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-29 17:30 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-29 17:30 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-29 17:30 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-29 17:30 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-29 17:30 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-29 17:30 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-29 17:30 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-29 17:30 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-29 17:30 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-29 17:30 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-29 17:30 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-29 17:30 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-29 17:30 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-29 17:30 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-29 17:30 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-29 17:30 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-29 17:30 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-29 17:30 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-29 17:30 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-29 17:30 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-29 17:30 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-29 17:30 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-29 17:30 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-29 17:30 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-29 17:30 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-29 17:30 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-29 17:30 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-29 17:30 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-29 17:30 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-29 17:30 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-29 17:30 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-29 17:30 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-29 17:30 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-29 17:30 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-29 17:30 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-29 17:30 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-29 16:17 - 2016-07-29 16:17 - 00000000 ____D C:\Users\xxx\AppData\Local\FreemakeVideoConverter
2016-07-29 15:02 - 2016-07-29 15:02 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-29 14:55 - 2016-07-29 14:55 - 00000000 ____D C:\Users\xxx\AppData\LocalLow\Oracle

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-22 12:48 - 2012-07-09 23:36 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job
2016-08-22 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2016-08-22 08:13 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-22 08:13 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-22 06:53 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2016-08-22 06:53 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2016-08-22 06:53 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-22 06:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-22 06:51 - 2014-07-11 18:38 - 00002906 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (xxx)
2016-08-22 06:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-16 17:25 - 2013-03-10 15:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-16 17:25 - 2011-12-15 20:31 - 00000000 ____D C:\Windows\Minidump
2016-08-16 16:58 - 2016-04-15 14:07 - 00003556 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-08-16 16:58 - 2013-11-21 22:29 - 00003920 _____ C:\Windows\System32\Tasks\Google Updater and Installer
2016-08-16 16:58 - 2013-03-10 15:06 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-16 16:58 - 2012-09-30 22:12 - 00003136 _____ C:\Windows\System32\Tasks\Express DownloaderUpdate
2016-08-16 16:31 - 2014-02-28 18:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-16 16:31 - 2013-12-16 13:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-16 16:11 - 2013-10-19 01:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-08 19:05 - 2011-11-24 01:17 - 00000000 ___DC C:\Users\xxx AppData\Local\MigWiz
2016-08-08 19:04 - 2014-01-26 01:29 - 00004318 _____ C:\Windows\wininit.ini
2016-08-08 18:25 - 2011-12-23 19:51 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-08 18:24 - 2016-04-15 14:07 - 00001850 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-08-01 18:14 - 2016-07-02 18:14 - 00002124 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-08-01 18:12 - 2013-10-19 01:32 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-07-30 15:30 - 2014-09-26 13:43 - 00288120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-29 20:45 - 2013-07-25 18:46 - 00000000 ____D C:\Windows\system32\MRT
2016-07-29 20:41 - 2011-11-16 18:39 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-29 20:40 - 2013-03-14 02:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-29 20:40 - 2013-03-14 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-29 16:15 - 2016-02-05 22:44 - 00001060 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-07-29 15:02 - 2012-03-30 12:55 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-29 15:02 - 2011-11-16 00:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-29 14:43 - 2012-07-09 23:36 - 00004168 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA
2016-07-29 14:43 - 2012-07-09 23:36 - 00003772 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core
2016-07-29 14:43 - 2012-07-09 23:36 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job
2016-07-27 21:25 - 2010-11-21 05:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-02-11 20:14 - 2013-07-09 13:01 - 0005632 _____ () C:\Users\xxx \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-16 18:41 - 2012-10-09 22:52 - 0007636 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
2012-01-16 20:41 - 2012-01-16 20:41 - 0000041 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-15 15:29

==================== Ende von FRST.txt ============================
--- --- ---

siddi 22.08.2016 17:54
Und die letzte Logdatei.

Code:
OTL logfile created on: 22.08.2016 13:27:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18349)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,19 Gb Available Physical Memory | 64,86% Memory free
15,99 Gb Paging File | 13,42 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 46,58 Gb Total Space | 3,02 Gb Free Space | 6,48% Space Free | Partition Type: NTFS
Drive D: | 186,30 Gb Total Space | 71,31 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
 
Computer Name: GRAND-O-MAT | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016.08.22 10:58:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2016.07.31 14:56:28 | 000,809,488 | ---- | M] (Garmin Ltd. or its subsidiaries) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
PRC - [2016.07.19 16:11:38 | 000,108,032 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2016.07.02 19:27:50 | 000,392,136 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016.06.25 01:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.11.21 02:00:00 | 000,937,984 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe
PRC - [2011.11.18 16:22:03 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016.05.20 23:54:46 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016.01.31 22:33:06 | 000,246,784 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2016.01.29 20:34:20 | 000,374,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2016.01.29 20:34:20 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2015.07.23 02:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2016.07.31 14:56:28 | 000,809,488 | ---- | M] (Garmin Ltd. or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)
SRV - [2016.07.29 15:02:41 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016.07.19 16:11:38 | 000,108,032 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2016.06.25 01:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016.03.04 02:33:41 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.04.12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011.11.18 16:22:03 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016.08.22 10:34:30 | 000,079,064 | ---- | M] (Malwarebytes) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\sdswo.sys -- (kgajwlyu)
DRV:64bit: - [2016.08.01 18:12:13 | 001,030,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2016.07.02 18:52:05 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2016.01.31 22:33:06 | 021,622,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2016.01.31 22:33:06 | 021,622,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2016.01.31 22:33:06 | 000,665,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015.11.13 09:50:26 | 000,133,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2015.06.17 17:04:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.18 10:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.04 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.04 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2016.01.31 22:07:44 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2011.11.16 01:42:25 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 03 0C 04 C9 A3 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = B1 F7 03 2B C3 97 D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0.1-signed.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2016.07.02 19:27:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2016.07.14 19:23:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2016.07.02 19:27:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 47.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2016.07.14 19:23:03 | 000,000,000 | ---D | M]
 
[2012.07.17 22:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions
[2012.07.17 22:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2016.06.04 15:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions
[2016.06.04 15:54:59 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2016.05.25 18:05:16 | 009,296,122 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\adblockultimate@adblockultimate.net.xpi
[2011.12.20 00:02:38 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\DivXWebPlayer@divx.com.xpi
[2016.05.25 18:04:44 | 001,036,367 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016.07.14 19:23:14 | 000,006,260 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\features\{b12b66a5-3381-4629-9ab6-e08ad12f2106}\e10srollout@mozilla.org.xpi
[2016.07.14 19:23:17 | 000,686,164 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\features\{b12b66a5-3381-4629-9ab6-e08ad12f2106}\firefox@getpocket.com.xpi
[2016.07.14 19:23:26 | 001,696,657 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\features\{b12b66a5-3381-4629-9ab6-e08ad12f2106}\loop@mozilla.org.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: delta-homes (Enabled)
CHR - default_search_provider: search_url = hxxp://search.delta-homes.com/web/?type=ds&ts=1420216200&from=wpm12233&uid=ST3250410AS_6RYDQCVAXXXX6RYDQCVA&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Web (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Web (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Web (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Web (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Web (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Web (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Web (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Web (Enabled) = internal-remoting-viewer
CHR - plugin: Web (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Web (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Web (Enabled) = default_plugin
CHR - Extension: Web = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Web = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2016.06.04 17:43:31 | 000,452,796 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15542 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {451C804F-C205-4F03-B48E-537EC94937BF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe (Malwarebytes)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.96.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA62AF0-8897-4EE3-935A-CBFE51312FB8}: DhcpNameServer = 80.69.96.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D04614AF-4B76-41BC-B65A-9CB86445D051}: DhcpNameServer = 80.69.96.12 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd3a3ad1-9334-11e2-9c67-001fd022f457}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3a3ad1-9334-11e2-9c67-001fd022f457}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016.08.22 13:10:48 | 000,000,000 | ---D | C] -- C:\FRST
[2016.08.22 13:09:44 | 002,396,672 | ---- | C] (Farbar) -- C:\Users\xxx\Desktop\FRST64.exe
[2016.08.22 10:58:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2016.08.22 10:34:30 | 000,079,064 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\sdswo.sys
[2016.08.22 09:08:20 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.08.22 09:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
[2016.08.22 09:07:34 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016.08.22 09:07:34 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016.08.22 09:07:34 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016.08.22 09:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2016.08.22 09:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.08.16 16:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2016.08.16 16:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2016.08.16 16:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2016.08.01 18:12:13 | 001,030,400 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2016.08.01 18:12:13 | 000,082,544 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2016.07.29 17:31:30 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2016.07.29 17:31:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016.07.29 17:31:29 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016.07.29 17:31:29 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016.07.29 17:31:29 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016.07.29 17:31:29 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016.07.29 17:31:29 | 000,249,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2016.07.29 17:31:29 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016.07.29 17:31:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016.07.29 17:31:29 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016.07.29 17:31:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016.07.29 17:31:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016.07.29 17:31:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016.07.29 17:31:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016.07.29 17:31:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016.07.29 17:31:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016.07.29 17:31:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016.07.29 17:31:28 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016.07.29 17:31:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016.07.29 17:31:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016.07.29 17:31:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016.07.29 17:31:24 | 000,382,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016.07.29 17:31:24 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016.07.29 17:31:24 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016.07.29 17:31:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016.07.29 17:31:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016.07.29 17:31:23 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2016.07.29 17:31:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016.07.29 17:31:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016.07.29 17:31:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016.07.29 17:31:21 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2016.07.29 17:31:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2016.07.29 17:31:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netbtugc.exe
[2016.07.29 17:31:18 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\polstore.dll
[2016.07.29 17:31:18 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2016.07.29 17:31:18 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winipsec.dll
[2016.07.29 17:31:18 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2016.07.29 17:31:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2016.07.29 17:31:18 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2016.07.29 17:31:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2016.07.29 17:31:15 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2016.07.29 17:31:15 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2016.07.29 17:31:15 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2016.07.29 17:31:13 | 003,231,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2016.07.29 17:31:13 | 002,973,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2016.07.29 17:31:12 | 001,867,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2016.07.29 17:31:12 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2016.07.29 17:31:07 | 003,243,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2016.07.29 17:31:07 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2016.07.29 17:31:07 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2016.07.29 17:31:07 | 000,114,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2016.07.29 17:31:06 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2016.07.29 17:31:06 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2016.07.29 17:31:06 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2016.07.29 17:31:06 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2016.07.29 17:31:02 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016.07.29 17:31:02 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016.07.29 17:31:02 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016.07.29 17:31:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016.07.29 17:31:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016.07.29 17:31:02 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016.07.29 17:31:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016.07.29 17:31:02 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016.07.29 17:31:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016.07.29 17:31:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016.07.29 17:31:01 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016.07.29 17:31:01 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016.07.29 17:31:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016.07.29 17:31:00 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016.07.29 17:31:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016.07.29 17:30:59 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016.07.29 17:30:59 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016.07.29 17:30:59 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016.07.29 17:30:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016.07.29 17:30:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016.07.29 17:30:58 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016.07.29 17:30:58 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016.07.29 17:30:58 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016.07.29 17:30:58 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016.07.29 17:30:57 | 002,131,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016.07.29 17:30:57 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016.07.29 17:30:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016.07.29 17:30:56 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016.07.29 17:30:56 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016.07.29 17:30:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016.07.29 17:30:55 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016.07.29 17:30:55 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016.07.29 17:30:55 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016.07.29 17:30:54 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016.07.29 17:30:54 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016.07.29 17:30:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016.07.29 17:30:53 | 006,051,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016.07.29 17:30:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016.07.29 17:30:53 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016.07.29 17:30:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016.07.29 17:30:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016.07.29 17:30:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016.07.29 17:30:52 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016.07.29 16:17:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\FreemakeVideoConverter
[2016.07.29 15:02:21 | 006,079,168 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016.08.22 13:25:41 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.08.22 13:09:44 | 002,396,672 | ---- | M] (Farbar) -- C:\Users\xxx\Desktop\FRST64.exe
[2016.08.22 12:48:24 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job
[2016.08.22 12:30:23 | 000,001,371 | ---- | M] () -- C:\Users\xxx\Desktop\Lebensthema Adoption- August 2016 - Verknüpfung.lnk
[2016.08.22 10:58:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2016.08.22 10:34:30 | 000,079,064 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\sdswo.sys
[2016.08.22 09:07:42 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.08.22 08:13:27 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.08.22 08:13:27 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.08.22 06:53:21 | 001,620,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.08.22 06:53:21 | 000,699,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2016.08.22 06:53:21 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.08.22 06:53:21 | 000,149,572 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2016.08.22 06:53:21 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.08.22 06:48:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.08.16 17:25:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016.08.16 16:32:46 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016.08.08 19:04:08 | 000,004,318 | ---- | M] () -- C:\Windows\wininit.ini
[2016.08.08 18:24:23 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2016.08.01 18:14:26 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 3.lnk
[2016.08.01 18:12:13 | 001,030,400 | ---- | M] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2016.08.01 18:12:13 | 000,116,304 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2016.08.01 18:12:13 | 000,082,544 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2016.07.30 15:30:57 | 000,288,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.07.29 16:15:34 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2016.07.29 15:02:39 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016.07.29 15:02:39 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016.07.29 15:02:23 | 006,079,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2016.07.29 14:43:50 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016.08.22 12:30:23 | 000,001,371 | ---- | C] () -- C:\Users\xxx\Desktop\Lebensthema Adoption- August 2016 - Verknüpfung.lnk
[2016.08.22 09:07:42 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.08.16 16:32:46 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016.02.05 22:24:47 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2016.01.31 22:33:07 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016.01.31 22:33:05 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2016.01.31 22:33:01 | 000,189,952 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2013.02.11 20:14:54 | 000,005,632 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.16 20:41:22 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.16 18:41:15 | 000,007,636 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.04.09 08:58:02 | 014,186,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.04.09 08:54:53 | 012,881,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:63B15221B785E713
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34

< End of report >

cosinus 22.08.2016 23:07
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


siddi 23.08.2016 07:18
Adw Datei
 
Guten morgen,

ADWC konnte was finden und ich habs dann gelöscht, hier die dazu ausgespuckte Datei.

(Habe auch wieder den persönlichen Namen durch xxx entfernt.)


Code:
# AdwCleaner v6.000 - Bericht erstellt am 23/08/2016 um 07:39:38
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-22.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : xxx - GRAND-O-MAT
# Gestartet von : C:\Users\xxx\Desktop\AdwCleaner_6.000.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\xxx\AppData\Local\FileViewPro
[-] Ordner gelöscht: C:\ProgramData\DriverBoost
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\DriverBoost
[-] Ordner gelöscht: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
[-] Ordner gelöscht: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater


***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.001
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.z
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Schlüssel gelöscht: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\Software\OCS
[-] Schlüssel gelöscht: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\Software\Yahoo\Companion
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1049672758-3464604034-341253259-1000\Software\SweetIM
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\OCS
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Yahoo\Companion
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5048 Bytes] - [23/08/2016 07:39:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [5040 Bytes] - [23/08/2016 07:35:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5194 Bytes] ##########
Wie gefordert, hier die JRT Datei.
Auch hier wieder alles persönliche durch xxx unkenntlich gemacht.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by xxx(Administrator) on 23.08.2016 at  8:00:14,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 43

Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\xxx\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\xxx\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\xxx\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (xxx) (Task)
Successfully deleted: C:\Windows\system32\Tasks\Express DownloaderUpdate (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Oliver_Ortschwager (Task)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39PTBBM8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XK4CBAN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73DUJ63J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EPJQGKXP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7R6CF4P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2KXOS83 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PB6PNR63 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGS4W4S9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6L5E1MG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE69M3RK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMAITGP5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMQ49443 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\DRIVERBOOSTER.EXE-9033297F.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39PTBBM8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XK4CBAN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73DUJ63J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EPJQGKXP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7R6CF4P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2KXOS83 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PB6PNR63 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGS4W4S9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6L5E1MG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE69M3RK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMAITGP5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMQ49443 (Temporary Internet Files Folder)

Deleted the following from C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\prefs.js
user_pref(extensions.DivXWebPlayer@divx.com.install-event-fired, true);
user_pref(extensions.ascsurfingprotection@iobit.com.install-event-fired, true);
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.xpiState, {\app-profile\:{\adblockultimate@adblockultimate.net\:{\d\:\C:\\\\Users\\\\xxx\\\\AppData\\\\Roaming\\\\Mozilla\\\\Fire
user_pref(startpage.ntsearch_url, hxxps://de.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=402027&p={searchTerms});



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2016 at  8:01:57,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cosinus 23.08.2016 08:35
Hast du alle Optionen vom adwCleaner aktiviert?

siddi 23.08.2016 08:52
Zitat:
Zitat von cosinus (Beitrag 1605977)
Hast du alle Optionen vom adwCleaner aktiviert?
ich habe die aktiviert wie vorgegeben lt. anleitung!
oder sollte ich alle aktivieren ohne außnahme?

cosinus 23.08.2016 09:20
Ne sry hab ungenau gefragt :o ich meinte natürlich alle in der adwcleanerAnleitung geforderten Optionen :D



Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

siddi 23.08.2016 10:13
Hier die beiden Logs!
Zuerst FRST und Dann ADDIDITION.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
durchgeführt von xxx (Administrator) auf GRAND-O-MAT (23-08-2016 10:58:02)
Gestartet von C:\Users\xxx\Desktop
Geladene Profile: xxx (Verfügbare Profile: xxx & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-04] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\AVM_update\AVM_FRITZ!WLAN_USB_Stick_x64_Build141114\client\FRITZWLANMini.exe [937984 2014-11-21] (AVM Berlin)
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 192.168.0.1
Tcpip\..\Interfaces\{CFA62AF0-8897-4EE3-935A-CBFE51312FB8}: [DhcpNameServer] 80.69.96.12 192.168.0.1
Tcpip\..\Interfaces\{D04614AF-4B76-41BC-B65A-9CB86445D051}: [DhcpNameServer] 80.69.96.12 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1049672758-3464604034-341253259-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-23] (Oracle Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default
FF DefaultSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-29] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1049672758-3464604034-341253259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1049672758-3464604034-341253259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Extension: Garmin Communicator - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-06-04]
FF Extension: AdBlocker Ultimate - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-05-25]
FF Extension: DivX Web Player - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-12-20] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ovs9jx2k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-25]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-07-19] (Freemake) [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-11-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-31] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\OLIVER~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-23 10:58 - 2016-08-23 10:58 - 00011072 _____ C:\Users\xxx\Desktop\FRST.txt
2016-08-23 10:56 - 2016-08-23 10:56 - 02396672 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2016-08-23 09:43 - 2016-08-23 09:43 - 08227032 _____ (Piriform Ltd) C:\Users\xxx\Downloads\ccsetup521.exe
2016-08-23 08:36 - 2016-08-23 08:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-23 08:36 - 2016-08-23 08:36 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-23 08:35 - 2016-08-23 08:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-23 08:35 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-23 08:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-23 08:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-23 08:07 - 2016-08-23 08:07 - 00007338 _____ C:\Users\xxx\Desktop\JRT Text.txt
2016-08-23 07:44 - 2016-08-23 07:44 - 00005231 _____ C:\Users\xxx\Desktop\AdwCleaner[C0].txt
2016-08-23 07:28 - 2016-08-23 07:39 - 00000000 ____D C:\AdwCleaner
2016-08-23 07:27 - 2016-08-23 07:59 - 01610560 _____ (Malwarebytes) C:\Users\xxx\Desktop\JRT.exe
2016-08-23 07:26 - 2016-08-23 07:26 - 03784256 _____ C:\Users\xxx\Desktop\AdwCleaner_6.000.exe
2016-08-22 18:10 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-22 18:10 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-22 18:10 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-22 18:10 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-22 18:10 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-22 18:10 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-22 18:10 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-22 18:10 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-22 18:10 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-22 18:10 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-22 18:10 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-22 18:10 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-22 18:10 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-22 18:10 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-22 18:10 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-22 18:10 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-22 18:10 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-22 18:10 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-22 18:10 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-22 18:10 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-22 18:10 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-22 18:10 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-22 18:10 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-22 18:10 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-22 18:10 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-22 18:10 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-22 18:10 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-22 18:10 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-22 18:10 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-22 18:10 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-22 18:10 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-22 18:10 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-22 18:10 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-22 18:10 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-22 18:09 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-22 18:09 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-22 18:09 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-22 18:09 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-22 18:09 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-22 18:09 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-22 18:09 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-22 18:09 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-22 18:09 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-22 18:09 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-22 18:09 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-22 18:09 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-22 18:09 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-22 18:09 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-22 18:09 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-22 18:09 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-22 18:09 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-22 18:09 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-22 18:09 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-22 18:09 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-22 18:09 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-22 18:09 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-22 18:09 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-22 18:09 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-22 18:09 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-22 18:09 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-22 18:09 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-22 18:09 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-22 18:09 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-22 18:09 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-22 18:09 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-22 18:09 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-22 18:09 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-22 18:09 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-22 18:09 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-22 18:09 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-22 18:09 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-22 18:09 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-22 18:09 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-22 18:09 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-22 18:09 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-22 18:09 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-22 18:09 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-22 18:09 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-22 18:09 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-22 18:09 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-22 18:09 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-22 14:55 - 2016-08-22 14:55 - 00019102 _____ C:\ComboFix.txt
2016-08-22 14:22 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-08-22 14:22 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-08-22 14:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-08-22 14:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-08-22 14:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-08-22 14:22 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-08-22 14:22 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-08-22 14:22 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-08-22 14:18 - 2016-08-22 14:55 - 00000000 ____D C:\Qoobox
2016-08-22 14:18 - 2016-08-22 14:29 - 00000000 ____D C:\Windows\erdnt
2016-08-22 13:32 - 2016-08-22 13:32 - 00053420 _____ C:\Users\xxx\Desktop\Extras.Txt
2016-08-22 13:31 - 2016-08-22 13:35 - 00090922 _____ C:\Users\xxx\Desktop\OTL.Txt
2016-08-22 13:10 - 2016-08-23 10:58 - 00000000 ____D C:\FRST
2016-08-22 10:58 - 2016-08-22 10:58 - 00602112 _____ (OldTimer Tools) C:\Users\xxx\Desktop\OTL.exe
2016-08-22 10:41 - 2016-06-26 02:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-08-22 10:41 - 2016-06-26 02:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-08-22 10:41 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-22 10:41 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-22 10:41 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-22 10:41 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-22 10:41 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-08-22 10:41 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-08-22 10:41 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-08-22 10:41 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-08-22 10:41 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-08-22 10:41 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-08-22 10:41 - 2016-06-22 15:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-08-22 10:41 - 2016-06-17 20:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-08-22 10:41 - 2016-06-17 20:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-08-22 10:41 - 2016-06-17 20:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-08-22 10:41 - 2016-06-17 20:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-08-22 10:41 - 2016-06-17 20:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-08-22 10:41 - 2016-06-17 20:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-08-22 09:06 - 2016-08-23 08:35 - 22851472 _____ (Malwarebytes ) C:\Users\xxx\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-16 16:32 - 2016-08-16 16:32 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-16 16:31 - 2016-08-16 16:32 - 00000000 ____D C:\Program Files\iTunes
2016-08-16 16:31 - 2016-08-16 16:31 - 00000000 ____D C:\Program Files\iPod
2016-08-01 18:12 - 2016-08-01 18:12 - 01030400 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-08-01 18:12 - 2016-08-01 18:12 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-07-29 17:31 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-29 17:31 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-29 17:31 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-29 17:31 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-29 17:31 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-29 17:31 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-29 17:31 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-29 17:31 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-29 17:31 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-29 17:31 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-29 17:31 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-29 17:31 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-29 17:31 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-29 17:31 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-29 17:31 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-29 17:31 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-29 17:31 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-29 17:31 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-29 17:31 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-29 17:31 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-29 17:31 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-29 17:31 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-29 17:31 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-29 17:31 - 2016-04-14 18:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-29 17:31 - 2016-04-14 18:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-29 17:31 - 2016-04-14 18:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-29 17:31 - 2016-04-14 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-29 17:31 - 2016-04-14 17:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-29 17:31 - 2016-04-14 17:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-29 17:31 - 2016-04-09 08:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-29 17:31 - 2016-04-09 08:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-29 17:31 - 2016-04-09 08:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-29 17:31 - 2016-04-09 08:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-29 17:31 - 2016-04-09 07:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-29 17:31 - 2016-04-09 07:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-29 17:31 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-29 17:31 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-29 16:17 - 2016-07-29 16:17 - 00000000 ____D C:\Users\xxx\AppData\Local\FreemakeVideoConverter
2016-07-29 15:02 - 2016-07-29 15:02 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-29 14:55 - 2016-07-29 14:55 - 00000000 ____D C:\Users\xxx\AppData\LocalLow\Oracle

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-23 10:48 - 2012-07-09 23:36 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job
2016-08-23 09:45 - 2011-12-15 20:31 - 00000000 ____D C:\Windows\Minidump
2016-08-23 09:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-23 09:44 - 2015-01-03 17:27 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-23 09:16 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-23 09:16 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-23 09:13 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2016-08-23 09:13 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2016-08-23 09:13 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-23 09:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-23 08:00 - 2014-07-11 18:39 - 00000000 ____D C:\Program Files (x86)\IObit
2016-08-23 08:00 - 2013-10-19 01:23 - 00000000 ____D C:\Users\xxx\AppData\Roaming\IObit
2016-08-23 06:55 - 2014-09-26 13:43 - 00288120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-23 06:52 - 2015-04-20 22:10 - 00000000 ____D C:\Windows\system32\appraiser
2016-08-23 06:52 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-22 19:38 - 2013-07-25 18:46 - 00000000 ____D C:\Windows\system32\MRT
2016-08-22 19:34 - 2011-11-16 18:39 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-22 14:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-08-22 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2016-08-16 17:25 - 2013-03-10 15:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-16 16:58 - 2016-04-15 14:07 - 00003556 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-08-16 16:58 - 2013-11-21 22:29 - 00003920 _____ C:\Windows\System32\Tasks\Google Updater and Installer
2016-08-16 16:58 - 2013-03-10 15:06 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-16 16:31 - 2014-02-28 18:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-16 16:31 - 2013-12-16 13:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-16 16:11 - 2013-10-19 01:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-08-08 19:05 - 2011-11-24 01:17 - 00000000 ___DC C:\Users\xxx\AppData\Local\MigWiz
2016-08-08 18:25 - 2011-12-23 19:51 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-08 18:24 - 2016-04-15 14:07 - 00001850 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-08-01 18:12 - 2013-10-19 01:32 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-07-29 20:40 - 2013-03-14 02:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-29 20:40 - 2013-03-14 02:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-29 16:15 - 2016-02-05 22:44 - 00001060 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-07-29 15:02 - 2012-03-30 12:55 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-29 15:02 - 2011-11-16 00:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-29 14:43 - 2012-07-09 23:36 - 00004168 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA
2016-07-29 14:43 - 2012-07-09 23:36 - 00003772 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core
2016-07-29 14:43 - 2012-07-09 23:36 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job
2016-07-27 21:25 - 2010-11-21 05:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-02-11 20:14 - 2013-07-09 13:01 - 0005632 _____ () C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-16 18:41 - 2012-10-09 22:52 - 0007636 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
2012-01-16 20:41 - 2012-01-16 20:41 - 0000041 ___SH () C:\ProgramData\.zreglib

Einige Dateien in TEMP:
====================
C:\Users\xxx\AppData\Local\Temp\libeay32.dll
C:\Users\xxx\AppData\Local\Temp\msvcr120.dll
C:\Users\xxx\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-22 19:13

==================== Ende von FRST.txt ============================
Hier nun das zweite.

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
durchgeführt von xxx (23-08-2016 10:58:31)
Gestartet von C:\Users\xxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-15 18:35:28)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1049672758-3464604034-341253259-500 - Administrator - Disabled)
Gast (S-1-5-21-1049672758-3464604034-341253259-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1049672758-3464604034-341253259-1002 - Limited - Enabled)
xxx (S-1-5-21-1049672758-3464604034-341253259-1000 - Administrator - Enabled) => C:\Users\xxx

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Amazon Amazon Music) (Version: 3.11.5.1140 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Modern Warfare 3 (c) Activision version 1 (HKLM-x32\...\Call of Duty Modern Warfare 3 (c) Activision_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Garmin BaseCamp (HKLM-x32\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
G-Force (HKLM-x32\...\G-Force) (Version: 5.2 - SoundSpectrum)
Google Chrome (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 de) (HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\Mozilla Firefox 47.0.1 (x86 de)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
SoftSkies (HKLM-x32\...\SoftSkies) (Version: 1.7 - SoundSpectrum)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1049672758-3464604034-341253259-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1049672758-3464604034-341253259-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\xxx\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {038F85B7-D443-46F9-9DBD-7621199E7B3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-29] (Adobe Systems Incorporated)
Task: {051C49EC-9DE3-425A-8A00-6B33EB1E44E8} - System32\Tasks\{80E2F559-4181-4032-B4F8-50DE9F06A4FB} => pcalua.exe -a "D:\Programme\Project Snowblind\uninstsb.exe" -d "D:\Programme\Project Snowblind"
Task: {14193E98-13E1-4A0C-9F42-F9103150EAB5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-07-31] ()
Task: {184603E1-9673-466C-B7B0-D4EC6332A8E0} - System32\Tasks\{CD5005BA-B671-42D7-9B0A-BD2D4092031B} => pcalua.exe -a "C:\Users\xxx\Downloads\64bit_Vista_Win7_R266.exe" -d "C:\Users\xxx\Desktop"
Task: {249D6CC3-C0BC-4C91-A081-2F57DC3F25B5} - System32\Tasks\{8525A83D-7BA9-4BC6-8714-6F26F8A9C2B3} => pcalua.exe -a D:\Programme\IrfanView\iv_uninstall.exe -d D:\Programme\IrfanView
Task: {2C44664B-DDE2-432A-AAF3-A3AC035A0E14} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {2CED37EA-7F99-45A6-BE8E-90BB256EB1ED} - System32\Tasks\{D6DFD02C-99DB-47F3-826E-262741F0F6AE} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {3E835A89-B594-4236-89D0-ADF65C2ECC35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {46463771-F7BF-4945-8F61-FB4F1E83F90B} - System32\Tasks\{5F43D822-B02D-43A0-ADE1-A6EC4E4C4D89} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {4997A0F2-371A-401F-8101-04BD0925E6DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {60B2CCD5-874D-4DE3-9073-0E281BD2DFEA} - System32\Tasks\{629107D0-E547-4569-9CA9-2B0642FF287A} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {66A58A18-7013-4574-81A8-54B554A17E23} - System32\Tasks\{E302C280-361F-40AE-AE13-84F8FA4D447B} => C:\Users\xxx\Downloads\Realtek\Setup.exe
Task: {694850C6-43AC-4A2C-8F6F-96A8EEC77B9B} - System32\Tasks\{12C8FED8-2409-4259-863C-8B98DDA1414C} => pcalua.exe -a "D:\Program Files (x86)\LucasFan Games\MMD\winsetup.exe" -d "D:\Program Files (x86)\LucasFan Games\MMD"
Task: {6D7E128F-6D2A-4CF2-9D9F-F282E8B99F88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {6F5FE2A2-E6D7-4F23-8794-55808FC8EF9D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {71A480A8-D0E6-454E-B2DD-F06CFB303787} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {73E0343E-F416-4225-BD8A-51D9E013C698} - System32\Tasks\{61C64531-A760-4D02-AB1D-EC0E8D0775A7} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {79BCCCF4-FAEE-466C-A4EA-C13316185A04} - System32\Tasks\{6C85F062-8551-4132-B974-7612D0CDC5E2} => pcalua.exe -a "D:\Games\Drug Lord 2\Drug Lord 2\Drug Lord 2\druglord2.exe"
Task: {7E0DBDAD-9E6D-405B-9979-3BDABF29AF90} - System32\Tasks\{B5C48E0F-524A-4BB1-9D87-E6B34A55D12D} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {7F4667C4-68A7-49E5-BB8A-F08C4F182BAC} - System32\Tasks\Google Updater and Installer => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {82074290-ED60-4E01-B577-F92757F8C1A6} - System32\Tasks\{D2CEF108-4754-487D-919E-CF842379929C} => pcalua.exe -a "C:\Users\xxx\Downloads\DeepBurner19.exe" -d "D:\Program Files (x86)\Mozilla Firefox"
Task: {824665AB-CD18-4E55-BE80-A37448FAACAB} - System32\Tasks\{649A3D18-779D-4F76-8F5F-8DBC8F6849FB} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {85BD28BA-E122-4BB9-8530-10429C3027D9} - System32\Tasks\{D59B8082-C7E3-49CA-98E9-9385512697D2} => D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Task: {97F68256-E93A-4345-A2D4-2527FCC0B0FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A8FF540C-A93B-4C95-A649-1697778BBC40} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {AF0546B9-F35D-4002-BE6A-B59B3FA75725} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B6136BA8-0BCF-433B-AAA5-1B26D5C60F68} - System32\Tasks\{8A12A290-7723-4267-B995-0EA8999FFB54} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {B685D8EE-A04C-4438-A159-E56975F56965} - System32\Tasks\{B942B6F9-C2E7-448F-94E6-F15D5A19275A} => D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
Task: {BBA99E95-33ED-453F-93DA-301FE8F256D1} - System32\Tasks\{70295AA1-168A-4E81-AD42-B6A0351E9320} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {BBDCCD7B-8147-4F84-8453-66DE8B515EF8} - System32\Tasks\{5BD8F020-73B8-4605-814D-94B1FA28578E} => D:\Programme\2K Games\BioShock\Builds\Release\Bioshock.exe
Task: {BD09EB50-D668-4ADE-900F-14E22DCECCD5} - System32\Tasks\{B5AA7BF5-5B7C-410D-9FE3-8A9362B30380} => pcalua.exe -a "D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {BF07987C-F0D5-405A-945E-DC614ADB9726} - System32\Tasks\{02E651CF-0BB1-4F61-9018-882BBC70C703} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {CA2A6535-6BC3-4374-8D5D-B828B283B509} - System32\Tasks\{9485ED37-A2B3-410F-AEC9-5004E633C82F} => pcalua.exe -a "C:\Users\xxx\Downloads\avm_fritz!wlan_usb_stick_n_v2_x64_build_141114.exe" -d "C:\Users\xxx\Downloads"
Task: {E1DF450E-0DDB-4CF0-8B19-670D42E755C3} - System32\Tasks\{642E804F-7ACD-4B92-A372-3FDFD83F0A02} => C:\Users\Oliver Ortschwager\Downloads\driverperformer_Zsetup.exe
Task: {E3FD2198-BFAE-4A50-9175-6951365193F0} - System32\Tasks\{EC03D0F9-E9F0-41B6-910D-11BB45B55974} => pcalua.exe -a D:\Programme\AntiTwin\uninstall.exe -d D:\Programme\AntiTwin
Task: {E78AEA73-7D37-4E6E-9A8B-74D030F142C6} - System32\Tasks\{FD00141B-5411-4ADD-942B-C3412F7AA273} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {E8967632-81FA-464C-9DA8-C3D987ED29AE} - System32\Tasks\{5E0FA113-EEDE-4270-A2F1-5E8BB88EFF62} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {EE6F0E03-2840-493C-99BE-D595190A10CD} - System32\Tasks\{FAC2D29A-D1E2-40A2-9509-67F9788471F3} => pcalua.exe -a "D:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/8720
Task: {F225541A-45DE-4A51-888F-BF609BAFD675} - System32\Tasks\{66F213FA-5F7E-46F8-B15A-CA7B87BE3682} => D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
Task: {F9325525-568D-4734-8689-11F7B8D5A07C} - System32\Tasks\{C13A2D43-B78F-452F-8459-E81824520FA0} => C:\Users\Oliver Ortschwager\Downloads\Realtek\Setup.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000Core.job => C:\Users\Oliver Ortschwager\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049672758-3464604034-341253259-1000UA.job => C:\Users\Oliver Ortschwager\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{C57F56C8-1A69-4A45-88F0-953B7BFE6D75}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{C57F56C8-1A69-4A45-88F0-953B7BFE6D75}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.doom3.com/
Shortcut: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-18 16:22 - 2011-11-18 16:22 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-07-31 14:54 - 2016-07-31 14:54 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7904 mehr Seiten.

IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1049672758-3464604034-341253259-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7902 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-08-22 14:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1      localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1049672758-3464604034-341253259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.69.96.12 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Amazon Music => "C:\Users\xxx\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Seven => C:\Program Files\PDFSeven\PDF.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7A1C9568-863A-433D-A73E-DF84714A6E0A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0AE248BC-994D-4800-9D93-10EEF9F6BB7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{94A491C0-3F8B-4005-8AD0-FAC7F94F38C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F4DA0E9A-AF6C-4EAB-9D95-FAA2A26884A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{A68F6169-C078-4C23-A730-7DDFDEE2F8BD}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{33A82EEC-84FC-48E6-B6C6-1EE10B1727BC}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [{CC6E2B6F-00BE-4F1E-8D4A-C334CA976CD7}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{79A7C4B7-4595-40C4-9F8E-E693AB1F3349}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [TCP Query User{8FF81CDD-FF97-4845-88AA-4CCBC5D6AF26}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{3BA0E9DF-F139-44F9-8178-14C506FA70AB}D:\games\call of duty black ops\blackops.exe] => (Block) D:\games\call of duty black ops\blackops.exe
FirewallRules: [{8E00F52F-D17C-4E32-BA91-610EFBCE898E}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D6ED88B-C233-4BD6-8B7B-CD058423A302}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F346CEC1-2A27-4587-B672-B42CC180A077}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{5DE01AE3-F3AD-4CFC-8576-AA615F288907}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{1D28A62A-1970-4D56-91A5-5E79F9BF58E5}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{A09EFC00-8EE2-453D-8B45-4AE97E13870C}C:\program files (x86)\remote mouse\remotemouse.exe] => (Block) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{86848C9B-1CC3-4795-876A-B17A5FEC0357}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF22B12B-DEA2-4166-BD96-92152E46129B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F437C01-FC66-48CF-809F-AC7AE869EBCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A11B7A1-118D-4C0B-B680-4731412884EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{090E89BB-94FD-46D9-B773-61758D54B93C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{B36DEA36-6D58-4E98-8A41-D554979EAA2C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E254FD86-103D-4AD7-A74A-2DCAE5004973}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5A6F2BC6-21CF-494E-A169-1DE099DB25D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{7D64118F-A62A-4A73-9A28-1C12E9E355C7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{49F7BE2B-1D34-4E96-8D33-AA6BAEBE1951}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{353ED2C4-523D-4F7E-AB94-A5C3233786DA}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/23/2016 09:09:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 07:42:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 07:39:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2016 06:55:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2016 06:50:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 10:08:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 07:00:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/21/2016 06:38:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2016 06:10:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2016 05:35:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"


Systemfehler:
=============
Error: (08/23/2016 10:48:39 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (08/23/2016 07:39:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X86" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/23/2016 07:39:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-08-22 14:28:43.023
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-08-22 14:28:42.961
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 8190.3 MB
Verfügbarer physikalischer RAM: 6579.71 MB
Summe virtueller Speicher: 16378.79 MB
Verfügbarer virtueller Speicher: 14835.84 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:46.58 GB) (Free:3.12 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:186.3 GB) (Free:71.31 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 17AC17AB)
Partition 1: (Active) - (Size=46.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186.3 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:09 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131