Avira Fehlermeldung: Dieses Programm wurde durch Gruppenrichtlinien Blockiert. Ein Trojaner?

Marcel.W · 24.06.2014, 17:34

Hallo
Ich habe dass Programm Avira mir gekauft und instaliert eine Zeit lang ging alles klatt doch jetzt startet es nicht mehr und gibt mir diese Fehlermeldung dass es durch Gruppenrichtlinen Blockiert wird.
Danach habe ich natürlich direkt bei googel danach gesucht und mich Informiert was dass für eine Fehlermeldung ist und kam auf diese Seite.
Ich hoffe es ist nichts schwerwiegendes und dass man es beheben kann und wen es ein Trojaner ist entfernen kann.

Ich sage schonmal Danke

Mit schönen Grüßen
-----------------------
Marcel.W

Machiavelli · 24.06.2014, 17:47

Hallo und willkommen an Board, Marcel.W

Mein Name ist Machiavelli und werde bei Deinem Malware Problemen behilflich sein. Falls Du Dich im abgesicherten Modus befindest, würde ich Dir raten, alle Anweisungen von mir auszudrucken, um besseren Überblick auf die Gesamtsituation zu bekommen. Ich bin hier im Malwareteam und daher ist es mir möglich, Dir zu helfen.

Damit eine Bereinigung ermöglicht werden kann, musst Du ein paar Regeln/Tipps beachten:

Malware zu entfernen ist normalerweise recht schwierig
Heutige Malware kann sich sehr gut verstecken, so kann es sein, dass es bestimmte Tools nicht sehen. Eine Neuinstallation ist daher oft das klügere.
Bitte folge meinen Anweisung bis in das kleinste Detail
Falls Du was falsches machst, wie z.B. irgendwas fixt, was nicht durch mich genehmigt wurde, kann der PC dadurch beschädigt werden. Daher folge meinen Anweisungen ganz genau
Bleibe mit mir in Kontakt, bis Deine Probleme vollständig gelöst sind
Themen, in welchen innerhalb von 4 Tagen keine Antwort gepostet wird, werden geschlossen.
Bitte lasse keine anderen Tools laufen, während ich bereinige
Wenn Du Tools wie z.B. Malwarebytes etc. ohne meines Wissens laufen lässt, kann es unter Umständen Ergebnisse verfälschen.
Ließ meine Posts vollständig durch
Falls nicht, kann das zu schwerwiegenden Problemen (z.B. PC bootet nicht mehr) führen oder der Prozess der Malwareentfernung wird länger

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Marcel.W · 24.06.2014, 18:28

Dass sind die Dateien.

Danke an Machiavelli für die schnelle antwort und dafür dass Sie sich um mein Problem kümmern.

Mit schönen Grüßen
-------------------------
Marcel.W

Machiavelli · 24.06.2014, 18:48

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Marcel.W · 24.06.2014, 18:57

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by RainerW (administrator) on RAINERW-PC on 24-06-2014 19:19:06
Running from C:\Users\RainerW\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\ProgramData\HP Link5 Config\PelLinkS.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\ProgramData\HP Link5 Config\PelLink5.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Link5 Monitor\hpMonitor26.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe
(Hewlett-Packard) C:\ProgramData\HP Link5 Config\Link5HID.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\ProgramData\HP Link5 Config\VolOSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
( ) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-08-20] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-20] (Lenovo)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [485960 2014-04-21] ( )
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-08-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PelLink5] => C:\ProgramData\HP Link5 Config\PelLink5.exe [173568 2012-06-14] (Hewlett-Packard)
HKLM-x32\...\Run: [HPMonitor] => C:\Program Files (x86)\Hewlett-Packard\HP Link5 Monitor\hpMonitor26.exe [103424 2012-06-19] (Hewlett-Packard)
HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe [12872 2014-04-21] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [55368 2014-04-21] (Mindspark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [61512 2014-04-21] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe [71752 2014-04-21] (VER_COMPANY_NAME)
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-20] (Google Inc.)
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\...\Run: [OmibNuxfa] => regsvr32.exe "
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\...\Run: [AxmuwAqruv] => regsvr32.exe "
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm382^YYA^de&si=pconverter&ptb=AFEDA5F7-B8D7-4174-A275-5B23763D013F&ind=2014042112&n=780bd800&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7KMOH_deDE526DE527
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3329604&octid=EB_ORIGINAL_CTID&ISID=2BB2AF27-52AF-4A8A-8116-58517B2A198D&SearchSource=58&CUI=&UM=5&UP=SPDF288960-6EE7-41C3-BCA2-9F70B7887193&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7KMOH_deDE526DE527
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm382^YYA^de&si=pconverter&ptb=AFEDA5F7-B8D7-4174-A275-5B23763D013F&ind=2014042112&n=780bd800&psa=&st=sb&searchfor={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (Mindspark)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\RainerW\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\RainerW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-07-12]
CHR Extension: (YouTube) - C:\Users\RainerW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-07]
CHR Extension: (Google-Suche) - C:\Users\RainerW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-07]
CHR Extension: (Google Wallet) - C:\Users\RainerW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\RainerW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-07]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]

==================== Services (Whitelisted) =================

R3 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-05-20] (Avira Operations GmbH & Co. KG)
R3 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R3 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 bgsvcgen; C:\Windows\SysWOW64\bgsvcgen.exe [122512 2006-12-28] (B.H.A Corporation) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 PelLinkS; C:\ProgramData\HP Link5 Config\PelLinkS.exe [172032 2010-11-30] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-18] ()
R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2014-04-21] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-07-12] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-07-12] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
R3 HPMoA407; C:\Windows\System32\DRIVERS\HPMoA407.sys [25088 2011-10-31] (Hewlett-Packard.)
R3 HPubA407; C:\Windows\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Hewlett-Packard.)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
S3 trustms; C:\Windows\System32\drivers\trustms.sys [12416 2010-11-15] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 19:19 - 2014-06-24 19:19 - 00025910 _____ () C:\Users\RainerW\Downloads\FRST.txt
2014-06-24 19:18 - 2014-06-24 19:19 - 00000000 ____D () C:\FRST
2014-06-24 19:18 - 2014-06-24 19:18 - 02082816 _____ (Farbar) C:\Users\RainerW\Downloads\FRST64.exe
2014-06-24 18:12 - 2014-06-24 18:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-24 18:12 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{663C831E-D825-4F99-A627-E56B90BE4D93}
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{3CF1CD33-783D-41A5-B161-CCC53CDAE3F5}
2014-06-20 13:18 - 2014-06-20 13:18 - 52702430 _____ () C:\Users\RainerW\Documents\The Legend of Zelda Majora's Mask - Song of Healing Remix.mp4
2014-06-19 21:24 - 2014-06-19 21:36 - 63958692 _____ () C:\Users\RainerW\Downloads\Vrist - Adventure Map v2.7.4 [14w21b].zip
2014-06-17 17:28 - 2014-06-17 17:30 - 05335572 _____ () C:\Users\RainerW\Downloads\Pokemon Feuerrot (D).zip
2014-06-16 21:20 - 2014-06-16 21:20 - 00000222 _____ () C:\Users\RainerW\AppData\Roaming\Sanctum 2.url
2014-06-16 18:05 - 2014-06-16 18:05 - 00000222 _____ () C:\Users\RainerW\AppData\Roaming\The Forest.url
2014-06-12 20:04 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 20:04 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 20:04 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 20:04 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 20:04 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 20:04 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 20:04 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 20:04 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 20:04 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 20:04 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 20:04 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 20:04 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 20:04 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 20:04 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 20:04 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 20:04 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 20:04 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 20:04 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 20:04 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 20:04 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 20:04 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 20:04 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 20:04 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 20:04 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 20:03 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 20:03 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 20:03 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 20:03 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 20:03 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 20:03 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 20:03 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 20:03 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 20:03 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 20:03 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 20:03 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 20:03 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 20:03 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 20:03 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 20:03 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 20:03 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 20:03 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 20:03 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 20:03 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 20:03 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 20:03 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 20:03 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 20:03 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 20:03 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 20:03 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 20:03 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 20:03 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 20:03 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 19:14 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 19:14 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 19:14 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 19:14 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 19:13 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 19:13 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 19:13 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 19:13 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 19:13 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 19:13 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 19:13 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 19:13 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 19:07 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 19:07 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 08:58 - 2014-06-20 13:43 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\.minecraft
2014-06-09 08:58 - 2014-06-09 08:58 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\Neuer Ordner
2014-06-08 21:55 - 2014-06-09 08:50 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\minecraft 3 shader
2014-06-08 21:51 - 2014-06-08 21:51 - 01167541 _____ () C:\Users\RainerW\Downloads\anatom.rar
2014-06-08 21:38 - 2014-06-08 21:39 - 05414115 _____ () C:\Users\RainerW\Downloads\DieTogetherShow Welt(nach PorkchopMedia).zip
2014-06-08 09:18 - 2014-06-08 09:30 - 01789928 _____ () C:\Users\RainerW\Downloads\Meine Shaderpacks.rar
2014-06-07 20:56 - 2014-06-07 20:56 - 00153564 _____ () C:\Users\RainerW\Downloads\shaders.zip
2014-06-07 09:48 - 2014-06-07 09:51 - 06465698 _____ () C:\Users\RainerW\Downloads\modern-real-pack3-2.zip
2014-06-07 09:46 - 2014-06-07 09:46 - 00578336 _____ () C:\Users\RainerW\Downloads\Silent Hill Texture Pack 128x 1.exe
2014-05-31 19:40 - 2014-06-04 14:21 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-31 19:34 - 2014-06-04 14:20 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\Origin
2014-05-31 19:34 - 2014-05-31 19:40 - 00000000 ____D () C:\Users\RainerW\AppData\Local\Origin
2014-05-31 19:26 - 2014-06-13 06:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-31 19:26 - 2014-06-12 19:49 - 00000000 ____D () C:\ProgramData\Origin
2014-05-31 19:26 - 2014-05-31 19:26 - 00000990 _____ () C:\Users\RainerW\AppData\Roaming\Origin.lnk
2014-05-31 19:26 - 2014-05-31 19:26 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-31 19:24 - 2014-05-31 19:26 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\RainerW\Downloads\OriginThinSetup.exe
2014-05-28 16:07 - 2014-05-28 16:07 - 00000000 ____D () C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-05-27 12:21 - 2014-05-27 12:22 - 19870921 _____ () C:\Users\RainerW\Downloads\Sphax PureBDCraft 128x.zip

==================== One Month Modified Files and Folders =======

2014-06-24 19:19 - 2014-06-24 19:19 - 00025910 _____ () C:\Users\RainerW\Downloads\FRST.txt
2014-06-24 19:19 - 2014-06-24 19:18 - 00000000 ____D () C:\FRST
2014-06-24 19:18 - 2014-06-24 19:18 - 02082816 _____ (Farbar) C:\Users\RainerW\Downloads\FRST64.exe
2014-06-24 18:38 - 2009-07-14 06:51 - 00089823 _____ () C:\Windows\setupact.log
2014-06-24 18:25 - 2012-08-20 10:43 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 18:24 - 2009-07-14 06:45 - 00031840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 18:24 - 2009-07-14 06:45 - 00031840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 18:20 - 2012-08-20 09:57 - 01883756 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 18:18 - 2012-08-20 10:45 - 00170375 _____ () C:\Windows\system32\fastboot.set
2014-06-24 18:17 - 2012-08-20 10:43 - 00000000 ____D () C:\ProgramData\VeriFace
2014-06-24 18:16 - 2013-03-07 14:37 - 01652176 _____ () C:\FaceProv.log
2014-06-24 18:16 - 2012-08-20 10:43 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 18:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 18:13 - 2014-06-24 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-24 18:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{663C831E-D825-4F99-A627-E56B90BE4D93}
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{3CF1CD33-783D-41A5-B161-CCC53CDAE3F5}
2014-06-24 17:18 - 2012-08-20 19:40 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-06-24 17:18 - 2012-08-20 19:40 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-06-24 17:18 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 15:07 - 2010-11-21 05:47 - 00787900 _____ () C:\Windows\PFRO.log
2014-06-24 14:57 - 2013-07-12 12:49 - 00002077 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-24 12:48 - 2013-07-12 12:49 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-20 13:43 - 2014-06-09 08:58 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\.minecraft
2014-06-20 13:18 - 2014-06-20 13:18 - 52702430 _____ () C:\Users\RainerW\Documents\The Legend of Zelda Majora's Mask - Song of Healing Remix.mp4
2014-06-20 11:46 - 2013-10-06 16:39 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\Skype
2014-06-20 10:45 - 2013-10-04 16:38 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\Craften Terminal
2014-06-19 22:39 - 2014-03-25 15:09 - 00000000 _____ () C:\dfu.log
2014-06-19 22:38 - 2014-03-25 14:20 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-06-19 21:36 - 2014-06-19 21:24 - 63958692 _____ () C:\Users\RainerW\Downloads\Vrist - Adventure Map v2.7.4 [14w21b].zip
2014-06-19 17:49 - 2014-03-23 20:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-17 17:30 - 2014-06-17 17:28 - 05335572 _____ () C:\Users\RainerW\Downloads\Pokemon Feuerrot (D).zip
2014-06-16 21:20 - 2014-06-16 21:20 - 00000222 _____ () C:\Users\RainerW\AppData\Roaming\Sanctum 2.url
2014-06-16 18:05 - 2014-06-16 18:05 - 00000222 _____ () C:\Users\RainerW\AppData\Roaming\The Forest.url
2014-06-13 06:02 - 2014-05-31 19:26 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-13 05:27 - 2012-08-20 10:44 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:00 - 2014-05-03 13:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 19:49 - 2014-05-31 19:26 - 00000000 ____D () C:\ProgramData\Origin
2014-06-09 08:58 - 2014-06-09 08:58 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\Neuer Ordner
2014-06-09 08:50 - 2014-06-08 21:55 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\minecraft 3 shader
2014-06-08 21:51 - 2014-06-08 21:51 - 01167541 _____ () C:\Users\RainerW\Downloads\anatom.rar
2014-06-08 21:39 - 2014-06-08 21:38 - 05414115 _____ () C:\Users\RainerW\Downloads\DieTogetherShow Welt(nach PorkchopMedia).zip
2014-06-08 11:13 - 2014-06-12 19:07 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 19:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-08 09:30 - 2014-06-08 09:18 - 01789928 _____ () C:\Users\RainerW\Downloads\Meine Shaderpacks.rar
2014-06-07 20:56 - 2014-06-07 20:56 - 00153564 _____ () C:\Users\RainerW\Downloads\shaders.zip
2014-06-07 09:51 - 2014-06-07 09:48 - 06465698 _____ () C:\Users\RainerW\Downloads\modern-real-pack3-2.zip
2014-06-07 09:49 - 2013-11-16 17:50 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\texturepacks
2014-06-07 09:46 - 2014-06-07 09:46 - 00578336 _____ () C:\Users\RainerW\Downloads\Silent Hill Texture Pack 128x 1.exe
2014-06-06 19:06 - 2013-10-06 16:39 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 19:05 - 2014-03-11 11:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-04 14:21 - 2014-05-31 19:40 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-04 14:20 - 2014-05-31 19:34 - 00000000 ____D () C:\Users\RainerW\AppData\Roaming\Origin
2014-06-01 17:17 - 2014-06-24 18:12 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-31 19:40 - 2014-05-31 19:34 - 00000000 ____D () C:\Users\RainerW\AppData\Local\Origin
2014-05-31 19:26 - 2014-05-31 19:26 - 00000990 _____ () C:\Users\RainerW\AppData\Roaming\Origin.lnk
2014-05-31 19:26 - 2014-05-31 19:26 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-31 19:26 - 2014-05-31 19:24 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\RainerW\Downloads\OriginThinSetup.exe
2014-05-30 12:21 - 2014-06-12 20:03 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 20:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 20:03 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 20:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 20:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 20:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 20:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 20:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 20:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 20:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-12 20:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-12 20:03 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 20:04 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 20:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 20:03 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 20:04 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 20:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 20:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 20:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 20:03 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 20:03 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 20:03 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 20:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 20:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 20:04 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 20:03 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 20:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 20:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 20:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 20:04 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 20:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 20:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 20:03 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 20:03 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 20:04 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 20:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 20:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 20:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 20:04 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 20:03 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 20:03 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 20:04 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 20:03 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 20:04 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 20:03 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 20:04 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 20:04 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 20:03 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 20:04 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 20:03 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 20:03 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 18:25 - 2014-02-08 15:02 - 00000000 ____D () C:\Users\RainerW\Documents\DVDVideoSoft
2014-05-28 16:07 - 2014-05-28 16:07 - 00000000 ____D () C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-05-27 12:22 - 2014-05-27 12:21 - 19870921 _____ () C:\Users\RainerW\Downloads\Sphax PureBDCraft 128x.zip

Some content of TEMP:
====================
C:\Users\RainerW\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\RainerW\AppData\Local\Temp\avgnt.exe
C:\Users\RainerW\AppData\Local\Temp\c4160bb0570adeed93d4f65e05501ed4.dll
C:\Users\RainerW\AppData\Local\Temp\dpthhlz2.dll
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Free3GPVideoConverter.exe
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_FreeStudio.exe
C:\Users\RainerW\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RainerW\AppData\Local\Temp\nsq5312.exe
C:\Users\RainerW\AppData\Local\Temp\nsr2603.exe
C:\Users\RainerW\AppData\Local\Temp\nsw3733.exe
C:\Users\RainerW\AppData\Local\Temp\nsw6D24.exe
C:\Users\RainerW\AppData\Local\Temp\nsw7031.exe
C:\Users\RainerW\AppData\Local\Temp\_is206F.exe
C:\Users\RainerW\AppData\Local\Temp\_is3F53.exe
C:\Users\RainerW\AppData\Local\Temp\_isA48E.exe
C:\Users\RainerW\AppData\Local\Temp\_isFB83.exe
C:\Users\RainerW\AppData\Local\Temp\{555E1A69-9872-40AA-8DD2-842F65400C00}-29.0.1547.57_28.0.1500.95_chrome_updater.exe
C:\Users\RainerW\AppData\Local\Temp\{7A6AE759-814E-4DE7-B00F-0F6F80000B77}-GoogleToolbarInstaller_updater_signed.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 09:23

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by RainerW at 2014-06-24 19:19:46
Running from C:\Users\RainerW\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.444 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Battlefield Play4Free (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.112 - Broadcom Corporation)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Craften Terminal 3.5.5 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.5.5 - Craften.de)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.1 "Baby Genius" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.1 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Haunt 1.0 64bit (HKCU\...\Haunt 1.0 64bit) (Version:  - )
HD Writer (x32 Version: 1.00.0000 - panasonic) Hidden
HD Writer V2.0E for SX/SD (HKLM-x32\...\{4BCD581A-404A-483A-869D-109853007C32}) (Version: 2.0.015.1031 - Matsushita Electric Industrial Co., Ltd.)
HP Wireless Mouse Suite 2.6 (HKLM-x32\...\{A9B6EA3B-1B6F-4A8B-8832-58C9392F501F}) (Version: 2.6 - Hewlett-Packard)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.6 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.6 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Napster 5 Beta (HKLM-x32\...\com.Rhapsody.Napster5) (Version: 1.0.65 - Rhapsody International, Inc)
Napster 5 Beta (x32 Version: 1.0.65 - Rhapsody International, Inc) Hidden
Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version:  - Gameforge 4D GmbH)
Nsd (HKLM-x32\...\{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}) (Version: 1.0.1.7 - Lenovo)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.9 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39015 - Realtek Semiconductor Corp.)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.33.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
VideoDownloadConverter Internet Explorer Toolbar (HKLM-x32\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR 5.00 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points  =========================

06-06-2014 07:58:42 Geplanter Prüfpunkt
13-06-2014 01:00:15 Windows Update
22-06-2014 15:48:23 Windows Update
24-06-2014 16:11:37 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A0095FB-ED0D-4740-9AD1-C2EB209D7B5D} - System32\Tasks\{663C831E-D825-4F99-A627-E56B90BE4D93} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2014-06-24] (Avira Operations GmbH & Co. KG)
Task: {1BBC3C05-DDD4-4D2B-8726-99862DBC4EFD} - System32\Tasks\OFFICE2010ACT => C:\Windows\system32\OFFICEICON.vbs [2012-02-23] ()
Task: {69F995BD-3138-442E-8711-9139C184C27A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {6DE9C226-45B2-4660-9863-EEF1E185E924} - System32\Tasks\{3CF1CD33-783D-41A5-B161-CCC53CDAE3F5} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2014-06-24] (Avira Operations GmbH & Co. KG)
Task: {8AC0D68E-7705-4435-AF52-FFA5F1CF23E7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {A77437C7-7C48-4C01-A018-3B2AB50B5FD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-19 12:01 - 2014-02-08 20:34 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-20 10:12 - 2014-02-08 19:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-20 10:25 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2011-06-02 13:58 - 2011-06-02 13:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-02 13:59 - 2011-06-02 13:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-08-20 10:43 - 2012-08-20 10:43 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2008-12-20 03:20 - 2012-08-20 10:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 16:22 - 2012-08-20 10:45 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-10 16:31 - 2012-08-20 10:45 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll
2008-12-20 03:20 - 2012-08-20 10:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-08-20 10:41 - 2012-08-20 10:41 - 00099680 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2014-03-18 16:35 - 2014-03-18 19:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-11-30 18:04 - 2010-11-30 18:04 - 00172032 _____ () C:\ProgramData\HP Link5 Config\PelLinkS.exe
2012-08-20 10:41 - 2011-12-08 11:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2012-05-05 13:16 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2010-10-25 12:48 - 2010-10-25 12:48 - 00288768 _____ () C:\ProgramData\HP Link5 Config\VolOSD.exe
2011-06-02 13:57 - 2011-06-02 13:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-02 13:58 - 2011-06-02 13:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2014-02-19 12:01 - 2014-02-08 20:34 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-20 10:43 - 2012-08-20 10:43 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2011-06-28 08:28 - 2011-06-28 08:28 - 00042496 _____ () C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\QTKB.dll
2012-06-20 18:41 - 2012-06-20 18:41 - 00079360 _____ () C:\ProgramData\HP Link5 Config\PelComm.dll
2012-06-14 11:02 - 2012-06-14 11:02 - 00047104 _____ () C:\ProgramData\HP Link5 Config\PelDrv.dll
2010-06-21 15:57 - 2010-06-21 15:57 - 00459264 _____ () C:\ProgramData\HP Link5 Config\PelHooks.dll
2012-07-24 14:38 - 2012-07-24 14:38 - 00108032 _____ () C:\ProgramData\HP Link5 Config\PelUtil.dll
2010-09-17 12:48 - 2010-09-17 12:48 - 00028672 _____ () C:\ProgramData\HP Link5 Config\PelMagnf.dll
2012-06-20 18:56 - 2012-06-20 18:56 - 00131072 _____ () C:\ProgramData\HP Link5 Config\PelScrll.dll
2012-08-20 10:25 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2014 06:17:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).


System errors:
=============
Error: (06/24/2014 06:17:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (06/24/2014 06:17:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (06/24/2014 06:17:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (06/24/2014 06:17:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (06/24/2014 06:17:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (06/24/2014 06:16:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/24/2014 06:16:34 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/24/2014 05:40:09 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (06/24/2014 05:40:09 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (06/24/2014 05:40:09 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (06/24/2014 06:17:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (06/24/2014 06:17:21 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 6007.38 MB
Available physical RAM: 3717.38 MB
Total Pagefile: 12012.95 MB
Available Pagefile: 9254.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:510.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: BC06CB14)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)

==================== End Of Log ============================

Entschuldigung für den kleinen Fehler.

Machiavelli · 24.06.2014, 19:11

Ich sehe Adware, und sehe auch den Grund, warum Avira nicht funktioniert.

==== Schritt 1: Deinstallationen ====

Bitte deinstalliere folgende Software:

Avira SearchFree Toolbar
VideoDownloadConverter Internet Explorer Toolbar

==== Schritt 2: Chrome Extensions ====

Starte Chrome und gib folgendes in die Adresszeile ein: chrome:extensions
Drücke auf Enter. Das wird Dir eine Liste von Extensions geben, welche in Chrome installiert sind. Bitte entferne folgende Extension, indem man auf das Papierkorbsymbol neben dem jeweiligen Extension klickt.

Bitte entferne diese Extensions:

Avira SearchFree Toolbar plus Web Protection

==== Schritt 3: FRST Fix ====

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe [12872 2014-04-21] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [55368 2014-04-21] (Mindspark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [61512 2014-04-21] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe [71752 2014-04-21] (VER_COMPANY_NAME)
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\...\Run: [OmibNuxfa] => regsvr32.exe "
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\...\Run: [AxmuwAqruv] => regsvr32.exe "
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm382^YYA^de&si=pconverter&ptb=AFEDA5F7-B8D7-4174-A275-5B23763D013F&ind=2014042112&n=780bd800&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3329604&octid=EB_ORIGINAL_CTID&ISID=2BB2AF27-52AF-4A8A-8116-58517B2A198D&SearchSource=58&CUI=&UM=5&UP=SPDF288960-6EE7-41C3-BCA2-9F70B7887193&q={searchTerms}&SSPV=
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm382^YYA^de&si=pconverter&ptb=AFEDA5F7-B8D7-4174-A275-5B23763D013F&ind=2014042112&n=780bd800&psa=&st=sb&searchfor={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (Mindspark)
R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2014-04-21] (COMPANYVERS_NAME)
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Program Files (x86)\AskPartnerNetwork
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{663C831E-D825-4F99-A627-E56B90BE4D93}
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{3CF1CD33-783D-41A5-B161-CCC53CDAE3F5}
2014-05-28 16:07 - 2014-05-28 16:07 - 00000000 ____D () C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-05-28 18:25 - 2014-02-08 15:02 - 00000000 ____D () C:\Users\RainerW\Documents\DVDVideoSoft
C:\Users\RainerW\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\RainerW\AppData\Local\Temp\avgnt.exe
C:\Users\RainerW\AppData\Local\Temp\c4160bb0570adeed93d4f65e05501ed4.dll
C:\Users\RainerW\AppData\Local\Temp\dpthhlz2.dll
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Free3GPVideoConverter.exe
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_FreeStudio.exe
C:\Users\RainerW\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RainerW\AppData\Local\Temp\nsq5312.exe
C:\Users\RainerW\AppData\Local\Temp\nsr2603.exe
C:\Users\RainerW\AppData\Local\Temp\nsw3733.exe
C:\Users\RainerW\AppData\Local\Temp\nsw6D24.exe
C:\Users\RainerW\AppData\Local\Temp\nsw7031.exe
C:\Users\RainerW\AppData\Local\Temp\_is206F.exe
C:\Users\RainerW\AppData\Local\Temp\_is3F53.exe
C:\Users\RainerW\AppData\Local\Temp\_isA48E.exe
C:\Users\RainerW\AppData\Local\Temp\_isFB83.exe
C:\Users\RainerW\AppData\Local\Temp\{555E1A69-9872-40AA-8DD2-842F65400C00}-29.0.1547.57_28.0.1500.95_chrome_updater.exe
C:\Users\RainerW\AppData\Local\Temp\{7A6AE759-814E-4DE7-B00F-0F6F80000B77}-GoogleToolbarInstaller_updater_signed.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

==== Schritt 4: Adwarecleaner ====

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

==== Schritt 5: Malwarebytes ====

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

==== Schritt 6: Junkware Removal Tool ====

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

==== Schritt 7: FRST Scan ohne Download ====

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

==== Schritt 8: Frage ====

Wie läuft der PC?

Marcel.W · 24.06.2014, 20:29

Schritt 3: FRST Fix

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by RainerW at 2014-06-24 20:33:21 Run:1
Running from C:\Users\RainerW\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe [12872 2014-04-21] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [55368 2014-04-21] (Mindspark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [61512 2014-04-21] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe [71752 2014-04-21] (VER_COMPANY_NAME)
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\...\Run: [OmibNuxfa] => regsvr32.exe "
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\...\Run: [AxmuwAqruv] => regsvr32.exe "
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm382^YYA^de&si=pconverter&ptb=AFEDA5F7-B8D7-4174-A275-5B23763D013F&ind=2014042112&n=780bd800&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3329604&octid=EB_ORIGINAL_CTID&ISID=2BB2AF27-52AF-4A8A-8116-58517B2A198D&SearchSource=58&CUI=&UM=5&UP=SPDF288960-6EE7-41C3-BCA2-9F70B7887193&q={searchTerms}&SSPV=
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm382^YYA^de&si=pconverter&ptb=AFEDA5F7-B8D7-4174-A275-5B23763D013F&ind=2014042112&n=780bd800&psa=&st=sb&searchfor={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (Mindspark)
R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2014-04-21] (COMPANYVERS_NAME)
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Program Files (x86)\AskPartnerNetwork
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{663C831E-D825-4F99-A627-E56B90BE4D93}
2014-06-24 17:46 - 2014-06-24 17:46 - 00002988 _____ () C:\Windows\System32\Tasks\{3CF1CD33-783D-41A5-B161-CCC53CDAE3F5}
2014-05-28 16:07 - 2014-05-28 16:07 - 00000000 ____D () C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-05-28 18:25 - 2014-02-08 15:02 - 00000000 ____D () C:\Users\RainerW\Documents\DVDVideoSoft
C:\Users\RainerW\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\RainerW\AppData\Local\Temp\avgnt.exe
C:\Users\RainerW\AppData\Local\Temp\c4160bb0570adeed93d4f65e05501ed4.dll
C:\Users\RainerW\AppData\Local\Temp\dpthhlz2.dll
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Free3GPVideoConverter.exe
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_FreeStudio.exe
C:\Users\RainerW\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\RainerW\AppData\Local\Temp\nsq5312.exe
C:\Users\RainerW\AppData\Local\Temp\nsr2603.exe
C:\Users\RainerW\AppData\Local\Temp\nsw3733.exe
C:\Users\RainerW\AppData\Local\Temp\nsw6D24.exe
C:\Users\RainerW\AppData\Local\Temp\nsw7031.exe
C:\Users\RainerW\AppData\Local\Temp\_is206F.exe
C:\Users\RainerW\AppData\Local\Temp\_is3F53.exe
C:\Users\RainerW\AppData\Local\Temp\_isA48E.exe
C:\Users\RainerW\AppData\Local\Temp\_isFB83.exe
C:\Users\RainerW\AppData\Local\Temp\{555E1A69-9872-40AA-8DD2-842F65400C00}-29.0.1547.57_28.0.1500.95_chrome_updater.exe
C:\Users\RainerW\AppData\Local\Temp\{7A6AE759-814E-4DE7-B00F-0F6F80000B77}-GoogleToolbarInstaller_updater_signed.exe
         
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter EPM Support => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Search Scope Monitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader 64 => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\Software\Microsoft\Windows\CurrentVersion\Run\\OmibNuxfa => value deleted successfully.
HKU\S-1-5-21-3602110073-312203238-1437116363-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AxmuwAqruv => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93a3111f-4f74-4ed8-895e-d9708497629e} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}' => Key deleted successfully.
'HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
'HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value not found.
'HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value not found.
'HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}' => Key deleted successfully.
'HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin' => Key deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => Moved successfully.
VideoDownloadConverter_4zService => Service stopped successfully.
VideoDownloadConverter_4zService => Service deleted successfully.

"C:\Program Files (x86)\VideoDownloadConverter_4z" directory move:

C:\Program Files (x86)\VideoDownloadConverter_4z\bar\Settings\s_pid.dat => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\Message\COMMON.T8S => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\IE9Mesg\COMMON.T8S => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\gen1\COMMON.T8S => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zauxstb64.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbprtct.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub64.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdlghk64.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zregfft.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsrchmr.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATOR.EXE => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\APPINTEGRATORSTUB.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\ASSISTMONITOR.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\ASSISTMONITOR64.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\BOOTSTRAP.JS => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CHROME.MANIFEST => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\DPNMNGR.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\EXEMANAGER.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\FF-NativeMessagingDispatcher.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\INSTALL.RDF => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\installKeys.js => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\LOGO.BMP => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EPMSUP.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\TPIMANAGERCONSOLE.EXE => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\UNIFIEDLOGGING.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\VERIFY.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\chrome\4zffxtbr.jar => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML => Moved successfully.
Could not move "C:\Program Files (x86)\VideoDownloadConverter_4z" directory. => Scheduled to move on reboot.

"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
C:\Windows\System32\Tasks\{663C831E-D825-4F99-A627-E56B90BE4D93} => Moved successfully.
C:\Windows\System32\Tasks\{3CF1CD33-783D-41A5-B161-CCC53CDAE3F5} => Moved successfully.
C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543} => Moved successfully.
C:\Users\RainerW\Documents\DVDVideoSoft => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\c4160bb0570adeed93d4f65e05501ed4.dll => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\dpthhlz2.dll => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Free3GPVideoConverter.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\ICReinstall_FreeStudio.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\nsq5312.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\nsr2603.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\nsw3733.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\nsw6D24.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\nsw7031.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\_is206F.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\_is3F53.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\_isA48E.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\_isFB83.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\{555E1A69-9872-40AA-8DD2-842F65400C00}-29.0.1547.57_28.0.1500.95_chrome_updater.exe => Moved successfully.
C:\Users\RainerW\AppData\Local\Temp\{7A6AE759-814E-4DE7-B00F-0F6F80000B77}-GoogleToolbarInstaller_updater_signed.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-24 20:36:42)<=

C:\Program Files (x86)\VideoDownloadConverter_4z => Is moved successfully.

==== End of Fixlog ====

Schritt 4: Adwarecleaner

Code:

ATTFilter

# AdwCleaner v3.213 - Bericht erstellt am 24/06/2014 um 20:45:35
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : RainerW - RAINERW-PC
# Gestartet von : C:\Users\RainerW\Desktop\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\RainerW\AppData\Local\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Users\RainerW\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\RainerW\AppData\LocalLow\VideoDownloadConverter_4z

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\VideoDownloadConverter_4z
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Schlüssel Gelöscht : HKLM\Software\VideoDownloadConverter_4z
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\RainerW\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3329604&octid=EB_ORIGINAL_CTID&ISID=2BB2AF27-52AF-4A8A-8116-58517B2A198D&SearchSource=58&CUI=&UM=5&UP=SPDF288960-6EE7-41C3-BCA2-9F70B7887193&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [8771 octets] - [24/06/2014 20:41:10]
AdwCleaner[R1].txt - [8761 octets] - [24/06/2014 20:44:24]
AdwCleaner[R2].txt - [8821 octets] - [24/06/2014 20:45:13]
AdwCleaner[S0].txt - [8596 octets] - [24/06/2014 20:45:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8656 octets] ##########

Schritt 5: Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 24.06.2014 20:53:59, SYSTEM, RAINERW-PC, Protection, Malware Protection, Starting, 
Protection, 24.06.2014 20:53:59, SYSTEM, RAINERW-PC, Protection, Malware Protection, Started, 
Protection, 24.06.2014 20:53:59, SYSTEM, RAINERW-PC, Protection, Malicious Website Protection, Starting, 
Protection, 24.06.2014 20:54:24, SYSTEM, RAINERW-PC, Protection, Malicious Website Protection, Started, 

(end)

Schritt 6: Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by RainerW on 24.06.2014 at 21:11:50,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.06.2014 at 21:17:19,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schritt 8: Frage
Er läuft wieder einwandfrei, Avira startet sich und der PC ist auch schneller geworden.

Ein großes Dank an Sie dass SIe mir so gut geholfen haben.
Ich werde diese Seite aufjedenfall weiter empfehlen!

Großen Dank nochmals!

Machiavelli · 24.06.2014, 20:34

Schritt 7 fehlt.

Du hast dazu auch noch das falsche MBAM Log gepostet.

MBAM-Funde posten: So gehts...
Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden.
Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.

Starte MBAM.
Klicke auf Verlauf.
Klicke auf Anwendungsprotokolle.
Klicke auf das letzte Suchlaufprotokoll mit Funden.
Klicke auf "In Zwischenablage kopieren".
Poste den Inhalt in Code-Tags [CODE] [/CODE] durch Einfügen mit Strg+V als Antwort in Deinen Thread.

Machiavelli · 28.06.2014, 16:03

Thema aus meinen Abos gelöscht. Falls Du weitere Hilfe brauchst, schick mir eine PN.

Avira Fehlermeldung: Dieses Programm wurde durch Gruppenrichtlinien Blockiert. Ein Trojaner?

Log-Analyse und Auswertung: Avira Fehlermeldung: Dieses Programm wurde durch Gruppenrichtlinien Blockiert. Ein Trojaner?