
Log analysis and evaluation: Sweet Page, now Avira won't start

04.06.2014, 17:05   #1
VietUchiha
 
Hi everyone,

Stupid as I was in that moment, I opened a 1 MB exe. After that, all browsers had sweetpage as their start page. First I restored my system... nothing! (as expected), then I tried to fix it manually, reset the start page, etc. After a restart, Avira suddenly stopped working. I then decided to use adwcleaner, or whatever it's called. Here is the log:

# AdwCleaner v3.211 - Bericht erstellt am 04/06/2014 um 17:54:51
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzername : VietUchiha - VIETUCHIHA-PC
# Gestartet von : C:\Users\VietUchiha\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\IePluginServices
[!] Ordner Gelöscht : C:\ProgramData\WPM
[!] Ordner Gelöscht : C:\Users\VIETUC~1\AppData\Local\Temp\Mega Browse
[!] Ordner Gelöscht : C:\Users\VIETUC~1\AppData\Local\Temp\OCS
[!] Ordner Gelöscht : C:\Users\VietUchiha\AppData\Roaming\SupTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atube-catcher_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atube-catcher_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\VietUchiha\AppData\Roaming\Mozilla\Firefox\Profiles\kn2gj36j.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\VietUchiha\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5066 octets] - [04/06/2014 17:52:28]
AdwCleaner[S0].txt - [3563 octets] - [04/06/2014 17:54:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3623 octets] ##########

04.06.2014, 17:06   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


04.06.2014, 21:29   #3
VietUchiha
 
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by VietUchiha (administrator) on VIETUCHIHA-PC on 04-06-2014 18:10:09
Running from C:\Users\VietUchiha\Desktop
Platform: Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Flux Software LLC) C:\Users\VietUchiha\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Curse, Inc) C:\Users\VietUchiha\AppData\Roaming\Curse Client\Bin\Curse.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe" -autorun
HKU\S-1-5-21-4186206059-3615923413-1071251348-1001\...\Run: [f.lux] => C:\Users\VietUchiha\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-4186206059-3615923413-1071251348-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-4186206059-3615923413-1071251348-1001\...\MountPoints2: {140fec3f-bd83-11e3-be90-1078d28dce26} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\VietUchiha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\VietUchiha\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_14_ff&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtBzz0D0C0EtByCyCtDzz0BtN0D0Tzu0SzztBtAtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0FzztD0B0BzyzytG0DyCtC0DtGtDtCyDtCtGtDtDzytAtGyC0BtA0FyE0FyEyB0E0E0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0F0EyEtDtD0AtG0B0C0AzytGyB0EyCtCtGyE0EtA0AtGyCzz0B0CyByBtBzzyByE0C0E2Q&cr=50621311&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_14_ff&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtBzz0D0C0EtByCyCtDzz0BtN0D0Tzu0SzztBtAtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0FzztD0B0BzyzytG0DyCtC0DtGtDtCyDtCtGtDtDzytAtGyC0BtA0FyE0FyEyB0E0E0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0F0EyEtDtD0AtG0B0C0AzytGyB0EyCtCtGyE0EtA0AtGyCzz0B0CyByBtBzzyByE0C0E2Q&cr=50621311&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_14_ff&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtBzz0D0C0EtByCyCtDzz0BtN0D0Tzu0SzztBtAtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0FzztD0B0BzyzytG0DyCtC0DtGtDtCyDtCtGtDtDzytAtGyC0BtA0FyE0FyEyB0E0E0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0F0EyEtDtD0AtG0B0C0AzytGyB0EyCtCtGyE0EtA0AtGyCzz0B0CyByBtBzzyByE0C0E2Q&cr=50621311&ir=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Windows\SysWOW64\PrxerNsp.dll [56424] ()
Winsock: Catalog5-x64 07 %SystemRoot%\system32\PrxerNsp.dll [57448] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\VietUchiha\AppData\Roaming\Mozilla\Firefox\Profiles\kn2gj36j.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMa
tch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "ftp", "88.212.27.27"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "88.212.27.27"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "88.212.27.27"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "88.212.27.27"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MEGA - C:\Users\VietUchiha\AppData\Roaming\Mozilla\Firefox\Profiles\kn2gj36j.default\Extensions\firefox@mega.co.nz.xpi [2014-04-23]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\VietUchiha\AppData\Roaming\Mozilla\Firefox\Profiles\kn2gj36j.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-04-03]
FF Extension: Stealthy - C:\Users\VietUchiha\AppData\Roaming\Mozilla\Firefox\Profiles\kn2gj36j.default\Extensions\stealthyextension@gmail.com.xpi [2014-04-03]
FF Extension: Adblock Plus - C:\Users\VietUchiha\AppData\Roaming\Mozilla\Firefox\Profiles\kn2gj36j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-03]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR Extension: (Google Docs) - C:\Users\VietUchiha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-19]
CHR Extension: (Google Drive) - C:\Users\VietUchiha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-19]
CHR Extension: (YouTube) - C:\Users\VietUchiha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19]
CHR Extension: (Google-Suche) - C:\Users\VietUchiha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-19]
CHR Extension: (Google Wallet) - C:\Users\VietUchiha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]
CHR Extension: (Google Mail) - C:\Users\VietUchiha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-19]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-05-30] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2509016 2013-12-10] (VMware, Inc.)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm.exe [486104 2014-04-14] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 18:10 - 2014-06-04 18:10 - 00015158 _____ () C:\Users\VietUchiha\Desktop\FRST.txt
2014-06-04 18:09 - 2014-06-04 18:10 - 00000000 ____D () C:\FRST
2014-06-04 18:09 - 2014-06-04 18:09 - 02068992 _____ (Farbar) C:\Users\VietUchiha\Desktop\FRST64.exe
2014-06-04 17:52 - 2014-06-04 17:54 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 17:23 - 2014-06-04 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 16:53 - 2014-06-04 16:53 - 00000269 _____ () C:\1.txt
2014-06-04 16:45 - 2014-06-04 17:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-04 16:45 - 2014-06-04 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 19:51 - 2014-06-02 19:51 - 00000000 ____D () C:\Users\VietUchiha\Desktop\School 2013 OST
2014-06-02 19:51 - 2014-02-04 14:10 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Heartstrings OST Special 1+2
2014-05-30 23:39 - 2014-05-30 23:40 - 00000000 ____D () C:\Users\VietUchiha\Documents\Battlefield 3
2014-05-30 23:39 - 2014-05-30 23:39 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\PunkBuster
2014-05-30 23:39 - 2014-05-30 23:39 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\ESN
2014-05-30 23:38 - 2014-05-30 23:38 - 00000000 ____D () C:\ProgramData\EA Core
2014-05-30 13:11 - 2014-05-30 13:11 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-30 13:11 - 2014-05-30 13:11 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-30 13:11 - 2014-05-30 13:11 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-30 13:11 - 2014-05-30 13:11 - 00001174 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-05-30 13:11 - 2014-05-30 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-05-29 21:17 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-05-29 21:17 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-05-29 21:17 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-05-29 21:17 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-05-29 21:17 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-05-29 21:17 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-05-29 14:46 - 2014-05-30 12:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-29 14:45 - 2014-05-30 12:42 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\Origin
2014-05-29 14:45 - 2014-05-29 14:46 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\Origin
2014-05-29 14:43 - 2014-06-01 01:32 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 14:43 - 2014-05-30 23:38 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-29 14:43 - 2014-05-30 15:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-29 14:43 - 2014-05-29 14:43 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-28 20:15 - 2014-05-31 09:11 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Schule
2014-05-28 01:23 - 2014-05-28 01:23 - 00000114 ____H () C:\Users\VietUchiha\Desktop\.~lock.Symbol für Glück.odt#
2014-05-21 12:26 - 2014-05-22 12:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-21 12:26 - 2014-05-21 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-19 22:36 - 2014-06-04 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-19 22:35 - 2014-06-04 17:56 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 22:35 - 2014-06-04 17:40 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 22:35 - 2014-05-19 22:36 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\Google
2014-05-19 22:35 - 2014-05-19 22:35 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-19 22:35 - 2014-05-19 22:35 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-19 22:35 - 2014-05-19 22:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-19 22:06 - 2014-05-19 22:09 - 00018854 _____ () C:\Users\VietUchiha\Desktop\Politik.odt
2014-05-19 20:23 - 2014-05-19 20:23 - 00018928 _____ () C:\Users\VietUchiha\Desktop\Kündigung.odt
2014-05-17 18:04 - 2014-05-17 18:04 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-05-17 18:04 - 2014-05-17 18:04 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-16 19:26 - 2014-05-17 00:15 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\FileZilla
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-05-16 19:26 - 2014-05-16 19:25 - 04968079 _____ (Tim Kosse) C:\Users\VietUchiha\Downloads\FileZilla_3.8.0_win32-setup [1].exe
2014-05-15 18:34 - 2014-05-15 18:34 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\VMware
2014-05-15 14:52 - 2014-05-15 14:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-15 14:52 - 2014-05-15 14:52 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-15 14:52 - 2014-05-15 14:52 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-15 14:52 - 2014-05-15 14:52 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-15 14:52 - 2014-05-15 14:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 14:52 - 2014-05-15 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-05-15 14:51 - 2014-05-15 14:52 - 00000000 ____D () C:\Program Files\Java
2014-05-15 14:32 - 2014-05-18 21:28 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\VMware
2014-05-15 14:32 - 2014-05-15 18:34 - 00000000 ____D () C:\ProgramData\VMware
2014-05-15 14:32 - 2014-05-15 14:32 - 00002015 _____ () C:\Users\Public\Desktop\VMware Horizon View Client.lnk
2014-05-15 14:32 - 2014-05-15 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-05-15 14:32 - 2014-05-15 14:32 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-05-15 14:32 - 2013-12-09 15:04 - 00054488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-05-15 14:32 - 2013-12-09 15:03 - 00037680 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys
2014-05-15 13:56 - 2014-05-15 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 13:54 - 2014-05-15 13:54 - 00000000 ____D () C:\ProgramData\Sun
2014-05-15 13:53 - 2014-05-15 13:53 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-06 19:34 - 2014-05-06 19:34 - 402691109 _____ () C:\Windows\MEMORY.DMP
2014-05-06 19:34 - 2014-05-06 19:34 - 00890400 _____ () C:\Windows\Minidump\050614-15225-01.dmp
2014-05-06 01:23 - 2014-05-06 01:23 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-06 01:23 - 2009-04-16 14:08 - 00136704 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l70v.dll
2014-05-06 01:22 - 2014-05-06 01:24 - 00193277 _____ () C:\Windows\hphins34.dat
2014-05-06 01:22 - 2014-05-06 01:24 - 00000358 _____ () C:\ProgramData\hpzinstall.log
2014-05-06 01:22 - 2014-05-06 01:22 - 00000000 ____D () C:\ProgramData\HP
2014-05-06 01:22 - 2010-01-30 15:39 - 00000532 ____N () C:\Windows\hphmdl34.dat
2014-05-06 01:22 - 2009-04-16 13:53 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2014-05-06 01:22 - 2008-10-29 02:27 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll

==================== One Month Modified Files and Folders =======

2014-06-04 18:10 - 2014-06-04 18:10 - 00015158 _____ () C:\Users\VietUchiha\Desktop\FRST.txt
2014-06-04 18:10 - 2014-06-04 18:09 - 00000000 ____D () C:\FRST
2014-06-04 18:10 - 2014-04-02 22:38 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\Temp
2014-06-04 18:09 - 2014-06-04 18:09 - 02068992 _____ (Farbar) C:\Users\VietUchiha\Desktop\FRST64.exe
2014-06-04 18:03 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 18:03 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 17:59 - 2014-04-02 21:49 - 01605578 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 17:56 - 2014-05-19 22:35 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 17:56 - 2014-04-02 23:30 - 00226424 _____ () C:\Windows\PFRO.log
2014-06-04 17:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 17:56 - 2009-07-14 06:51 - 00027049 _____ () C:\Windows\setupact.log
2014-06-04 17:54 - 2014-06-04 17:52 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:50 - 2013-01-20 14:46 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Hoangs Ordner
2014-06-04 17:40 - 2014-05-19 22:35 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 17:34 - 2014-04-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-04 17:23 - 2014-06-04 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 17:18 - 2014-04-02 22:38 - 00000000 ____D () C:\Users\VietUchiha
2014-06-04 17:17 - 2014-06-04 16:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-04 17:17 - 2014-05-19 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-04 17:17 - 2014-04-17 16:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-04 17:17 - 2014-04-06 18:28 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\vlc
2014-06-04 17:17 - 2014-04-02 23:55 - 00000000 ____D () C:\Program Files (x86)\LSI
2014-06-04 17:17 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-04 17:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-04 17:16 - 2014-04-02 23:22 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\Skype
2014-06-04 16:53 - 2014-06-04 16:53 - 00000269 _____ () C:\1.txt
2014-06-04 16:45 - 2014-06-04 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 16:35 - 2014-04-02 23:24 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\PMB Files
2014-06-03 00:14 - 2014-04-23 19:29 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Mahouka Koukou no Rettousei
2014-06-02 19:51 - 2014-06-02 19:51 - 00000000 ____D () C:\Users\VietUchiha\Desktop\School 2013 OST
2014-06-02 02:15 - 2014-04-10 23:56 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\TS3Client
2014-06-01 01:32 - 2014-05-29 14:43 - 00000000 ____D () C:\ProgramData\Origin
2014-05-31 09:11 - 2014-05-28 20:15 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Schule
2014-05-30 23:40 - 2014-05-30 23:39 - 00000000 ____D () C:\Users\VietUchiha\Documents\Battlefield 3
2014-05-30 23:39 - 2014-05-30 23:39 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\PunkBuster
2014-05-30 23:39 - 2014-05-30 23:39 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\ESN
2014-05-30 23:38 - 2014-05-30 23:38 - 00000000 ____D () C:\ProgramData\EA Core
2014-05-30 23:38 - 2014-05-29 14:43 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-30 19:06 - 2014-04-02 23:24 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-30 15:15 - 2014-05-29 14:43 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 13:11 - 2014-05-30 13:11 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-30 13:11 - 2014-05-30 13:11 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-30 13:11 - 2014-05-30 13:11 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-30 13:11 - 2014-05-30 13:11 - 00001174 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-05-30 13:11 - 2014-05-30 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-05-30 13:11 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-30 13:10 - 2014-04-21 01:43 - 00045377 _____ () C:\Windows\DirectX.log
2014-05-30 12:51 - 2014-05-29 14:46 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-30 12:42 - 2014-05-29 14:45 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\Origin
2014-05-30 12:30 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 12:30 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 12:30 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 04:44 - 2014-04-23 18:58 - 00000000 ____D () C:\Users\VietUchiha\Desktop\No Game No Life
2014-05-29 14:46 - 2014-05-29 14:45 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\Origin
2014-05-29 14:43 - 2014-05-29 14:43 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-28 01:23 - 2014-05-28 01:23 - 00000114 ____H () C:\Users\VietUchiha\Desktop\.~lock.Symbol für Glück.odt#
2014-05-26 00:46 - 2014-05-01 14:11 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Mekakucity Actors
2014-05-26 00:46 - 2014-04-23 20:07 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Brynhildr in the Darkness
2014-05-24 19:21 - 2013-12-20 12:58 - 00001082 _____ () C:\Users\VietUchiha\Desktop\Notizen.txt
2014-05-22 12:22 - 2014-05-21 12:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-22 12:22 - 2014-04-02 23:22 - 00000000 ____D () C:\ProgramData\Skype
2014-05-22 12:21 - 2014-04-02 23:35 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 12:21 - 2014-04-02 23:35 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-21 12:26 - 2014-05-21 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-19 22:36 - 2014-05-19 22:35 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\Google
2014-05-19 22:35 - 2014-05-19 22:35 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-19 22:35 - 2014-05-19 22:35 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-19 22:35 - 2014-05-19 22:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-19 22:09 - 2014-05-19 22:06 - 00018854 _____ () C:\Users\VietUchiha\Desktop\Politik.odt
2014-05-19 20:23 - 2014-05-19 20:23 - 00018928 _____ () C:\Users\VietUchiha\Desktop\Kündigung.odt
2014-05-18 21:29 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-18 21:28 - 2014-05-15 14:32 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\VMware
2014-05-17 18:04 - 2014-05-17 18:04 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-05-17 18:04 - 2014-05-17 18:04 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-17 00:15 - 2014-05-16 19:26 - 00000000 ____D () C:\Users\VietUchiha\AppData\Roaming\FileZilla
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-05-16 19:26 - 2014-05-16 19:26 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-05-16 19:25 - 2014-05-16 19:26 - 04968079 _____ (Tim Kosse) C:\Users\VietUchiha\Downloads\FileZilla_3.8.0_win32-setup [1].exe
2014-05-15 21:05 - 2014-04-02 23:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 18:34 - 2014-05-15 18:34 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\VMware
2014-05-15 18:34 - 2014-05-15 14:32 - 00000000 ____D () C:\ProgramData\VMware
2014-05-15 14:52 - 2014-05-15 14:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-15 14:52 - 2014-05-15 14:52 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-15 14:52 - 2014-05-15 14:52 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-15 14:52 - 2014-05-15 14:52 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-15 14:52 - 2014-05-15 14:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 14:52 - 2014-05-15 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-05-15 14:52 - 2014-05-15 14:51 - 00000000 ____D () C:\Program Files\Java
2014-05-15 14:52 - 2014-05-15 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-15 14:32 - 2014-05-15 14:32 - 00002015 _____ () C:\Users\Public\Desktop\VMware Horizon View Client.lnk
2014-05-15 14:32 - 2014-05-15 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-05-15 14:32 - 2014-05-15 14:32 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-05-15 14:17 - 2014-04-02 23:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 14:17 - 2014-04-02 23:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 13:54 - 2014-05-15 13:54 - 00000000 ____D () C:\ProgramData\Sun
2014-05-15 13:53 - 2014-05-15 13:53 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-10 12:52 - 2014-04-03 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 02:16 - 2014-04-03 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 15:11 - 2014-04-02 23:47 - 00000000 ____D () C:\Users\VietUchiha\AppData\Local\Adobe
2014-05-06 19:48 - 2014-03-10 03:35 - 00000000 ____D () C:\Users\VietUchiha\Desktop\Bilder
2014-05-06 19:34 - 2014-05-06 19:34 - 402691109 _____ () C:\Windows\MEMORY.DMP
2014-05-06 19:34 - 2014-05-06 19:34 - 00890400 _____ () C:\Windows\Minidump\050614-15225-01.dmp
2014-05-06 19:34 - 2014-04-09 01:34 - 00000000 ____D () C:\Windows\Minidump
2014-05-06 01:24 - 2014-05-06 01:22 - 00193277 _____ () C:\Windows\hphins34.dat
2014-05-06 01:24 - 2014-05-06 01:22 - 00000358 _____ () C:\ProgramData\hpzinstall.log
2014-05-06 01:24 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 01:23 - 2014-05-06 01:23 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-06 01:22 - 2014-05-06 01:22 - 00000000 ____D () C:\ProgramData\HP

Some content of TEMP:
====================
C:\Users\VietUchiha\AppData\Local\Temp\avgnt.exe
C:\Users\VietUchiha\AppData\Local\Temp\installerdll1185420.dll
C:\Users\VietUchiha\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 14:22

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by VietUchiha at 2014-06-04 18:10:30
Running from C:\Users\VietUchiha\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DJ_SF_06_D5500_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
f.lux (HKCU\...\Flux) (Version:  - )
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet D5500 Printer Driver 14.0 Rel. 6 (HKLM\...\{FE45D881-F9B6-40C0-A833-8CAF92094AB3}) (Version: 14.0 - HP)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Proxifier version 3.21 (HKLM-x32\...\Proxifier_is1) (Version: 3.21 - Initex)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - SopCast - Free P2P internet TV | live football, NBA, cricket)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Uninstall LSI (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: 3.1 - Aequus Gaming Ltd.)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Horizon View Client (HKLM\...\{7D083B52-2E0D-450F-AEA8-2FBF2599D64E}) (Version: 2.3.3.18259 - VMware, Inc.)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

30-05-2014 19:06:06 Microsoft Visual C++ 2005 Redistributable wird installiert
30-05-2014 19:07:04 DirectX wurde installiert
04-06-2014 15:14:37 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A810ED5-E6F5-432F-B8BC-844E38516942} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.)
Task: {3856C070-AD7C-492E-A574-0A8282D26E8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {56CB5219-6B21-4F16-8F29-0219C3E82F42} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {596F867F-BA7E-415C-9D8E-E2F7FEB00AE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19] (Google Inc.)
Task: {860627F6-430A-40DD-BDEB-7BCF5789A36C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D429837D-3690-4CE7-9847-5C2806465A5F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {DDBF6BEA-1308-4157-982A-56E3F38BD877} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {DEB8BBCA-7528-477B-997C-D00DF64E6709} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-03-18] (Oracle Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-03 17:44 - 2012-11-22 18:57 - 00057448 _____ () C:\Windows\system32\PrxerNsp.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-30 13:11 - 2014-05-30 13:11 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-30 13:11 - 2014-05-30 13:11 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-03 00:29 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2014-04-02 23:09 - 2010-08-11 11:32 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-04-02 23:09 - 2010-08-11 11:32 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-02 23:09 - 2010-08-11 11:32 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2014-04-02 23:09 - 2010-08-11 11:32 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-04-02 23:35 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-02 23:35 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-02 23:35 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-02 23:35 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-02 23:35 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-03 00:29 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-12-13 08:12 - 2013-12-13 08:12 - 00307712 _____ () C:\Users\VietUchiha\AppData\Roaming\Curse Client\Bin\opus.dll
2014-03-10 13:55 - 2014-05-22 18:55 - 00437248 _____ () C:\Users\VietUchiha\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2014-04-03 19:18 - 2014-05-10 02:16 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-15 14:17 - 2014-05-15 14:17 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 05:57:23 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:56:25 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:51:35 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:35:07 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:28:27 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:24:01 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:21:25 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:21:08 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:20:40 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (06/04/2014 05:18:53 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!


System errors:
=============
Error: (06/02/2014 07:52:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (06/01/2014 07:04:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/01/2014 10:21:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/01/2014 10:21:31 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (06/01/2014 10:21:28 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/31/2014 08:55:52 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/31/2014 07:34:43 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/31/2014 07:34:41 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/30/2014 09:05:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/30/2014 09:05:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.


Microsoft Office Sessions:
=========================
Error: (06/04/2014 05:57:23 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:56:25 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:51:35 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:35:07 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:28:27 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:24:01 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:21:25 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:21:08 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:20:40 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (06/04/2014 05:18:53 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 8191.37 MB
Available physical RAM: 6255.79 MB
Total Pagefile: 16380.88 MB
Available Pagefile: 14199.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:759.81 GB) NTFS
Drive d: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:372.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 0EDFE4F2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8883F6CA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

The problem with Avira is fixed, but the computer seems slower to me, and League of Legends does not start when I open it.

Never mind. After I rebooted, nothing in the system worked; everything was gone: the Quick Launch bar, the Start menu, etc. I also could not create folders via right-click, and the keyboard was set to English. I am formatting now.
__________________

Alt 05.06.2014, 19:22   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

05.06.2014, 21:11   #5
VietUchiha
 



I formatted; everything is OK. Sorry for the work.


06.06.2014, 20:40   #6
schrauber
/// the machine
/// TB trainer
 




ok.