
Pests of all kinds and how to fight them: avgui "was blocked by a Group Policy [...] More info from the SysAdmin"

28.05.2014, 15:51   #1
helpsearch
 
Good day,
first of all, I'm glad I found you via Google; the first impression is really great, people here seem to be very helpful.
I need your help, please, and thank you in advance!

Earlier I started the PC for the first time today.
Vista 32-bit SP2, AVG Free version

1. After booting I was met with a UAC prompt that seemed odd to me, and I declined it. Unfortunately I no longer remember what it said!
2. After that I noticed that my AVG icon is not in the taskbar.
3. Then I tried to start AVG, which produced a pop-up (see title).
4. So, as far as I can tell, all AVG processes are running (Task Manager), just not the GUI.
5. Googled and luckily came across you.

6. Already carried out the FARBAR Recovery step:


FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by ich (administrator) on ich-PC on 28-05-2014 16:38:56
Running from C:\Users\ich_admin\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\PnkBstrA.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Program Files\Razer\Krait\razerhid.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\cornel_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Razer\Krait\razertra.exe
(Razer Inc.) C:\Program Files\Razer\Krait\razerofa.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [92168 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Krait] => C:\Program Files\Razer\Krait\razerhid.exe [126976 2007-02-16] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2008-05-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1775808 2014-05-28] (Valve Corporation)
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [Spotify Web Helper] => C:\Users\cornel_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-24] (Spotify Ltd)
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [UqnosPofsu] => regsvr32.exe "C:\ProgramData\UqnosPofsu.dat"
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\MountPoints2: {db72fef8-6fd5-11e2-80af-0018f3ea2df9} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\MountPoints2: {ee23fc16-0b13-11e2-ab5c-806e6f6e6963} - H:\Setup.exe
Startup: C:\Users\cornel_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://learn.adafruit.com/rgb-led-strips/example-code
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD0671F86086ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.elektronik-kompendium.de/forum/board_entry.php?id=188042&page=6&order=time&category=all
hxxp://www.arduino-tutorial.de/hacking/
hxxp://arduino.cc/
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\user.js
FF SearchPlugin: C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\battlefieldheroespatcher@ea.com [2012-09-30]
FF Extension: German Dictionary - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-15]
FF Extension: No Name - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\staged [2014-05-27]
FF Extension: Vista-aero - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2012-09-30]
FF Extension: FireShot - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-08]
FF Extension: ChatZilla - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-17]
FF Extension: Scrollbar Anywhere - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{767a0048-69da-4392-b458-55b7a96b66f7} [2014-01-05]
FF Extension: All-in-One Gestures - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-25]
FF Extension: Live HTTP Headers - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-09-30]
FF Extension: DownloadHelper - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-05]
FF Extension: Flash and Video Download - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-20]
FF Extension: Block site - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-23]
FF Extension: Sothink SWF Catcher - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2012-09-30]
FF Extension: Grooveshark Unlocker - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2012-09-30]
FF Extension: Media Hint - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\mediahint@jetpack.xpi [2013-11-21]
FF Extension: Stealthy - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\stealthyextension@gmail.com.xpi [2012-09-30]
FF Extension: FlashGot - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-09-30]
FF Extension: NoScript - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: RSFind! Mod - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}.xpi [2012-09-30]
FF Extension: Pearl Crescent Page Saver Basic - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2012-09-30]
FF Extension: Greasemonkey - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-30]
FF Extension: Flem - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{f7c39bef-150a-a06c-8a2b-04fea4e6d717}.xpi [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (YouTube) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google-Suche) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Google Mail) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-26] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 drhard; C:\Windows\system32\DRIVERS\DRHARD.SYS [23600 2005-12-01] (Licensed for Gebhard Software)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-30] (DT Soft Ltd)
S3 GPU-Z; C:\Users\cornel_admin\AppData\Local\Temp\GPU-Z.sys [23936 2014-05-11] ()
R3 krait03; C:\Windows\System32\Drivers\krait.sys [13324 2005-12-07] (Razer (Asia-Pacific) Pte Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [39048 2011-11-07] ()
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2009-01-13] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29192 2009-01-13] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2009-01-13] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [49160 2009-01-13] (Logitech Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 16:36 - 2014-05-28 16:36 - 00000000 _____ () C:\Users\cornel_admin\Desktop\Neue Bitmap.bmp
2014-05-28 15:31 - 2014-05-28 16:38 - 00019055 _____ () C:\Users\cornel_admin\Downloads\FRST.txt
2014-05-28 15:30 - 2014-05-28 16:38 - 00000000 ____D () C:\FRST
2014-05-28 15:30 - 2014-05-28 15:30 - 01056256 _____ (Farbar) C:\Users\cornel_admin\Downloads\FRST.exe
2014-05-28 15:02 - 2014-05-28 15:02 - 00159432 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 _____ () C:\Users\cornel_admin\AppData\Local\{92807FA6-9DB8-4530-BB2B-0D29FEA41D8C}
2014-05-27 15:40 - 2014-05-27 15:40 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 15:39 - 2014-05-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-27 15:37 - 2014-05-27 15:37 - 00018313 _____ () C:\Windows\system32\CCCInstall_201405271537066068.log
2014-05-27 15:06 - 2014-05-27 15:06 - 00282000 _____ (Microsoft Corporation) C:\ProgramData\UqnosPofsu.dat
2014-05-26 20:27 - 2014-05-26 20:27 - 00004657 _____ () C:\Users\cornel_admin\AppData\Local\recently-used.xbel
2014-05-26 00:13 - 2014-05-26 00:13 - 00143784 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-23 16:15 - 2014-05-23 16:15 - 00157136 _____ () C:\Windows\Minidump\Mini052314-01.dmp
2014-05-22 19:57 - 2014-05-22 19:57 - 00222624 _____ () C:\Windows\Minidump\Mini052214-01.dmp
2014-05-21 16:06 - 2014-05-21 16:06 - 00001972 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 16:06 - 2014-05-21 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:03 - 2014-05-28 16:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 16:03 - 2014-05-28 16:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 16:03 - 2014-05-21 16:06 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Google
2014-05-21 16:03 - 2014-05-21 16:05 - 00000000 ____D () C:\Program Files\Google
2014-05-21 00:43 - 2014-05-21 00:43 - 00104635 _____ () C:\Users\cornel_admin\Documents\Unterschr. R.D.1.xcf
2014-05-20 23:59 - 2014-04-23 15:02 - 00019430 _____ () C:\Users\cornel_admin\Desktop\Mitgliederliste Cdu Überlingen.xlsx
2014-05-20 18:19 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-20 15:18 - 2014-05-20 15:18 - 00131072 _____ () C:\Windows\Minidump\Mini052014-01.dmp
2014-05-14 23:33 - 2014-05-14 23:33 - 00185368 _____ () C:\Windows\Minidump\Mini051414-02.dmp
2014-05-14 13:37 - 2014-05-14 13:37 - 00157136 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 02:14 - 2014-05-12 02:14 - 00178272 _____ () C:\Windows\Minidump\Mini051214-01.dmp
2014-05-11 16:21 - 2014-05-11 16:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\DIFX
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-11 02:07 - 2014-05-11 02:07 - 00000000 ____D () C:\Program Files\USB TV
2014-05-11 01:43 - 2014-05-11 01:43 - 00143784 _____ () C:\Windows\Minidump\Mini051114-02.dmp
2014-05-11 01:39 - 2014-05-11 01:39 - 00143784 _____ () C:\Windows\Minidump\Mini051114-01.dmp
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\Program Files\Geeks3D
2014-05-11 01:34 - 2014-05-11 01:35 - 05345101 _____ (Geeks3D ) C:\Users\cornel_admin\Downloads\FurMark_1.13.0_Setup.exe
2014-05-10 21:23 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

==================== One Month Modified Files and Folders =======

2014-05-28 16:40 - 2014-05-28 15:31 - 00019055 _____ () C:\Users\cornel_admin\Downloads\FRST.txt
2014-05-28 16:39 - 2006-11-02 12:33 - 01575982 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 16:38 - 2014-05-28 15:30 - 00000000 ____D () C:\FRST
2014-05-28 16:36 - 2014-05-28 16:36 - 00000000 _____ () C:\Users\cornel_admin\Desktop\Neue Bitmap.bmp
2014-05-28 16:36 - 2012-12-26 14:25 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-28 16:36 - 2012-11-23 23:52 - 00001356 _____ () C:\Users\cornel_admin\AppData\Local\d3d9caps.dat
2014-05-28 16:36 - 2012-09-30 18:07 - 00101312 _____ () C:\Users\cornel_admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-28 16:35 - 2014-05-21 16:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 16:35 - 2012-12-26 14:25 - 00000000 ____D () C:\Program Files\Steam
2014-05-28 16:33 - 2012-10-03 16:32 - 00000214 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-28 16:33 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 16:33 - 2006-11-02 14:47 - 00377896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-28 16:33 - 2006-11-02 14:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:33 - 2006-11-02 14:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:32 - 2012-09-30 19:40 - 00131694 _____ () C:\Windows\PFRO.log
2014-05-28 16:31 - 2006-11-02 15:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 16:30 - 2006-11-02 14:52 - 01442761 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 16:20 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-28 16:18 - 2012-10-02 19:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-28 16:14 - 2012-10-03 22:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-28 16:14 - 2012-10-03 18:33 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-28 16:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-28 16:13 - 2012-10-03 23:53 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-28 16:13 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2014-05-28 16:13 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-28 16:08 - 2014-05-21 16:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 16:05 - 2006-11-02 12:23 - 00000128 _____ () C:\Windows\win.ini
2014-05-28 16:02 - 2013-03-06 19:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 15:30 - 2014-05-28 15:30 - 01056256 _____ (Farbar) C:\Users\cornel_admin\Downloads\FRST.exe
2014-05-28 15:08 - 2012-09-30 18:33 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-28 15:02 - 2014-05-28 15:02 - 00159432 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 15:02 - 2014-02-21 21:41 - 207265467 _____ () C:\Windows\MEMORY.DMP
2014-05-28 15:02 - 2012-10-01 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 _____ () C:\Users\cornel_admin\AppData\Local\{92807FA6-9DB8-4530-BB2B-0D29FEA41D8C}
2014-05-27 16:32 - 2012-10-03 16:32 - 00000214 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-05-27 15:40 - 2014-05-27 15:40 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 15:39 - 2014-05-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-27 15:39 - 2013-11-06 18:37 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-27 15:37 - 2014-05-27 15:37 - 00018313 _____ () C:\Windows\system32\CCCInstall_201405271537066068.log
2014-05-27 15:35 - 2012-09-30 18:06 - 00000000 ____D () C:\Users\cornel_admin
2014-05-27 15:17 - 2013-07-06 21:50 - 00000000 ____D () C:\Program Files\ATI
2014-05-27 15:06 - 2014-05-27 15:06 - 00282000 _____ (Microsoft Corporation) C:\ProgramData\UqnosPofsu.dat
2014-05-26 23:15 - 2012-10-23 18:23 - 00000000 ____D () C:\Users\cornel_admin\.gimp-2.8
2014-05-26 20:27 - 2014-05-26 20:27 - 00004657 _____ () C:\Users\cornel_admin\AppData\Local\recently-used.xbel
2014-05-26 00:13 - 2014-05-26 00:13 - 00143784 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-25 23:28 - 2013-10-10 19:17 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-25 16:36 - 2013-02-26 15:46 - 00138992 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-25 16:35 - 2013-02-26 16:02 - 00281152 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-25 16:35 - 2013-02-26 15:45 - 00281152 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-23 16:47 - 2012-10-02 18:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 16:15 - 2014-05-23 16:15 - 00157136 _____ () C:\Windows\Minidump\Mini052314-01.dmp
2014-05-22 19:57 - 2014-05-22 19:57 - 00222624 _____ () C:\Windows\Minidump\Mini052214-01.dmp
2014-05-21 16:06 - 2014-05-21 16:06 - 00001972 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 16:06 - 2014-05-21 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:06 - 2014-05-21 16:03 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Google
2014-05-21 16:05 - 2014-05-21 16:03 - 00000000 ____D () C:\Program Files\Google
2014-05-21 16:03 - 2012-12-03 14:37 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Deployment
2014-05-21 00:43 - 2014-05-21 00:43 - 00104635 _____ () C:\Users\cornel_admin\Documents\Unterschr. R.D.1.xcf
2014-05-20 18:28 - 2013-08-19 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-20 18:25 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-20 15:18 - 2014-05-20 15:18 - 00131072 _____ () C:\Windows\Minidump\Mini052014-01.dmp
2014-05-20 12:07 - 2014-04-05 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-14 23:33 - 2014-05-14 23:33 - 00185368 _____ () C:\Windows\Minidump\Mini051414-02.dmp
2014-05-14 23:26 - 2012-09-30 18:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 15:03 - 2012-11-04 18:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 15:03 - 2012-11-04 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 13:37 - 2014-05-14 13:37 - 00157136 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 02:14 - 2014-05-12 02:14 - 00178272 _____ () C:\Windows\Minidump\Mini051214-01.dmp
2014-05-11 16:21 - 2014-05-11 16:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\DIFX
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-11 02:09 - 2013-10-14 20:29 - 00011950 _____ () C:\Windows\DPINST.LOG
2014-05-11 02:07 - 2014-05-11 02:07 - 00000000 ____D () C:\Program Files\USB TV
2014-05-11 02:07 - 2012-09-30 22:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-11 01:43 - 2014-05-11 01:43 - 00143784 _____ () C:\Windows\Minidump\Mini051114-02.dmp
2014-05-11 01:39 - 2014-05-11 01:39 - 00143784 _____ () C:\Windows\Minidump\Mini051114-01.dmp
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\Program Files\Geeks3D
2014-05-11 01:35 - 2014-05-11 01:34 - 05345101 _____ (Geeks3D ) C:\Users\cornel_admin\Downloads\FurMark_1.13.0_Setup.exe
2014-05-11 01:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-11 01:01 - 2012-10-04 20:56 - 00022502 _____ () C:\Windows\IE9_main.log
2014-05-11 01:00 - 2012-09-30 18:29 - 00000000 ____D () C:\Users\cornel_admin\AppData\Roaming\vlc
2014-05-11 00:59 - 2012-09-30 19:00 - 00022016 _____ () C:\Users\cornel_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\ProgramData\UqnosPofsu.dat


Some content of TEMP:
====================
C:\Users\cornel_admin\AppData\Local\Temp\10-2_legacy_vista32-64_dd_ccc.exe
C:\Users\cornel_admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5kypdm.dll
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\nsc5E89.exe
C:\Users\cornel_admin\AppData\Local\Temp\nsi5A16.exe
C:\Users\cornel_admin\AppData\Local\Temp\nsi9A65.exe
C:\Users\cornel_admin\AppData\Local\Temp\nsn946B.exe
C:\Users\cornel_admin\AppData\Local\Temp\nst65B9.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00000.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00001.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00002.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00003.exe
C:\Users\cornel_admin\AppData\Local\Temp\Uni000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-28 16:39

==================== End Of Log ============================
         
--- --- ---



Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by ich_admin at 2014-05-28 16:43:52
Running from C:\Users\ich_admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 2.01.0000 - ATI Technologies Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Battlefield 2 (HKLM\...\Steam App 24860) (Version:  - DICE)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM\...\Steam App 100) (Version:  - Ritual)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM\...\Steam App 260) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Debugging Tools for Windows (HKLM\...\{1C943495-B69F-4D41-AE0E-23C57ECD90EE}) (Version: 6.4.7.2 - Microsoft Corporation)
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
Dr. Hardware 2013 13.5d (HKLM\...\Dr. Hardware 2013_is1) (Version:  - Peter A. Gebhard)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
GameSpy Comrade (HKLM\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
Geeks3D FurMark 1.13.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
G-Force (HKLM\...\G-Force) (Version: 3.7.4 - SoundSpectrum)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inkscape 0.48.2 (HKCU\...\Inkscape) (Version: 0.48.2 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Logitech Gaming Software 5.04 (HKLM\...\{768F22DC-2D20-4F52-A9A1-5E231FB7F752}) (Version: 5.04.110 - Logitech)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Package: Samsung Galaxy S3 ToolKit (HKLM\...\SamsungGalaxyS3ToolKit30) (Version: 4.0.0.0 - skipsoft)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
Razer Krait (HKLM\...\{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}) (Version: 5.01 -  Razer USA Ltd.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
Vistawinexit (HKLM\...\{2FC1B08D-B4B6-42F4-B1BF-C913625EAC6C}_is1) (Version: 7 - hxxp://www.kurt-selzam.de/)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.3 (32-bit) (HKLM\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Restore Points  =========================
         
Many thanks in advance for your further help!

Edited by helpsearch (28.05.2014 at 16:50)

Alt 28.05.2014, 15:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi and

Quote:
() C:\Windows\KMService.exe
This is an MS Office crack. That is of course illegal. So please remove it, and also the illegal MS Office installation as well as any other illegal/cracked software that may be present.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

Alt 28.05.2014, 16:04   #3
helpsearch
 



Hello cosinus,
thanks.
It's happening right now, but it is taking quite long (for whatever reason).


As far as I know(!) there is otherwise nothing "non-compliant with the t-b rules" on my PC.

Regards

Edited by helpsearch (28.05.2014 at 16:13)

Alt 28.05.2014, 16:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Get back to me when everything illegal has been removed,

Alt 28.05.2014, 16:46   #5
helpsearch
 



*reporting in*

Old scans in the opening post replaced with new scans.
KMS still shows up in two places, but I have uninstalled it, Office too.

Regards


Alt 28.05.2014, 20:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.


Alt 29.05.2014, 22:12   #7
helpsearch
 



Good evening,
first of all "sorry" for the late reply, I was out from yesterday evening until just now.

As I already said, I replaced the scan results in the opening post with new ones.
But here are the very latest ones again:

//Edit: I just noticed that KMS shows up more often than in yesterday's updated scan. However, I have not done anything with KMS/Office since then. Both are still uninstalled!//

FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by me_admin (administrator) on me_ADMIN-PC on 29-05-2014 22:03:55
Running from C:\Users\me_admin\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\PnkBstrA.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Program Files\Razer\Krait\razerhid.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Spotify Ltd) C:\Users\me_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Razer\Krait\razertra.exe
(Razer Inc.) C:\Program Files\Razer\Krait\razerofa.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [92168 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Krait] => C:\Program Files\Razer\Krait\razerhid.exe [126976 2007-02-16] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2008-05-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [Spotify Web Helper] => C:\Users\me_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-24] (Spotify Ltd)
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [UqnosPofsu] => regsvr32.exe "C:\ProgramData\UqnosPofsu.dat"
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\MountPoints2: {db72fef8-6fd5-11e2-80af-0018f3ea2df9} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\MountPoints2: {ee23fc16-0b13-11e2-ab5c-806e6f6e6963} - H:\Setup.exe
Startup: C:\Users\me_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://learn.adafruit.com/rgb-led-strips/example-code
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD0671F86086ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.elektronik-kompendium.de/forum/board_entry.php?id=188042&page=6&order=time&category=all
hxxp://www.arduino-tutorial.de/hacking/
hxxp://arduino.cc/
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\user.js
FF SearchPlugin: C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\battlefieldheroespatcher@ea.com [2012-09-30]
FF Extension: German Dictionary - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-15]
FF Extension: No Name - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\staged [2014-05-27]
FF Extension: Vista-aero - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2012-09-30]
FF Extension: FireShot - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-08]
FF Extension: ChatZilla - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-17]
FF Extension: Scrollbar Anywhere - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{767a0048-69da-4392-b458-55b7a96b66f7} [2014-01-05]
FF Extension: All-in-One Gestures - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-25]
FF Extension: Live HTTP Headers - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-09-30]
FF Extension: DownloadHelper - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-05]
FF Extension: Flash and Video Download - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-20]
FF Extension: Block site - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-23]
FF Extension: Sothink SWF Catcher - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2012-09-30]
FF Extension: Grooveshark Unlocker - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2012-09-30]
FF Extension: Media Hint - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\mediahint@jetpack.xpi [2013-11-21]
FF Extension: Stealthy - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\stealthyextension@gmail.com.xpi [2012-09-30]
FF Extension: FlashGot - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-09-30]
FF Extension: NoScript - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: RSFind! Mod - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}.xpi [2012-09-30]
FF Extension: Pearl Crescent Page Saver Basic - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2012-09-30]
FF Extension: Greasemonkey - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-30]
FF Extension: Flem - C:\Users\me_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{f7c39bef-150a-a06c-8a2b-04fea4e6d717}.xpi [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\me_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\me_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (YouTube) - C:\Users\me_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google-Suche) - C:\Users\me_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\me_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Google Mail) - C:\Users\me_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-26] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 drhard; C:\Windows\system32\DRIVERS\DRHARD.SYS [23600 2005-12-01] (Licensed for Gebhard Software)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-30] (DT Soft Ltd)
S3 GPU-Z; C:\Users\me_admin\AppData\Local\Temp\GPU-Z.sys [23936 2014-05-11] ()
R3 krait03; C:\Windows\System32\Drivers\krait.sys [13324 2005-12-07] (Razer (Asia-Pacific) Pte Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [39048 2011-11-07] ()
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2009-01-13] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29192 2009-01-13] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2009-01-13] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [49160 2009-01-13] (Logitech Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 22:03 - 2014-05-29 22:05 - 00018712 _____ () C:\Users\me_admin\Downloads\FRST.txt
2014-05-28 16:36 - 2014-05-28 16:36 - 00000000 _____ () C:\Users\me_admin\Desktop\Neue Bitmap.bmp
2014-05-28 15:30 - 2014-05-29 22:03 - 00000000 ____D () C:\FRST
2014-05-28 15:30 - 2014-05-28 15:30 - 01056256 _____ (Farbar) C:\Users\me_admin\Downloads\FRST.exe
2014-05-28 15:02 - 2014-05-28 15:02 - 00159432 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 _____ () C:\Users\me_admin\AppData\Local\{92807FA6-9DB8-4530-BB2B-0D29FEA41D8C}
2014-05-27 15:40 - 2014-05-27 15:40 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 15:39 - 2014-05-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-27 15:37 - 2014-05-27 15:37 - 00018313 _____ () C:\Windows\system32\CCCInstall_201405271537066068.log
2014-05-27 15:06 - 2014-05-27 15:06 - 00282000 _____ () C:\ProgramData\UqnosPofsu.dat
2014-05-26 20:27 - 2014-05-26 20:27 - 00004657 _____ () C:\Users\me_admin\AppData\Local\recently-used.xbel
2014-05-26 00:13 - 2014-05-26 00:13 - 00143784 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-23 16:15 - 2014-05-23 16:15 - 00157136 _____ () C:\Windows\Minidump\Mini052314-01.dmp
2014-05-22 19:57 - 2014-05-22 19:57 - 00222624 _____ () C:\Windows\Minidump\Mini052214-01.dmp
2014-05-21 16:06 - 2014-05-21 16:06 - 00001972 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 16:06 - 2014-05-21 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:03 - 2014-05-29 22:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 16:03 - 2014-05-28 17:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 16:03 - 2014-05-21 16:06 - 00000000 ____D () C:\Users\me_admin\AppData\Local\Google
2014-05-21 16:03 - 2014-05-21 16:05 - 00000000 ____D () C:\Program Files\Google
2014-05-21 00:43 - 2014-05-21 00:43 - 00104635 _____ () C:\Users\me_admin\Documents\Unterschr. R.D.1.xcf
2014-05-20 23:59 - 2014-04-23 15:02 - 00019430 _____ () C:\Users\me_admin\Desktop\Mitgliederliste Cdu Überlingen.xlsx
2014-05-20 18:19 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-20 15:18 - 2014-05-20 15:18 - 00131072 _____ () C:\Windows\Minidump\Mini052014-01.dmp
2014-05-14 23:33 - 2014-05-14 23:33 - 00185368 _____ () C:\Windows\Minidump\Mini051414-02.dmp
2014-05-14 13:37 - 2014-05-14 13:37 - 00157136 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 02:14 - 2014-05-12 02:14 - 00178272 _____ () C:\Windows\Minidump\Mini051214-01.dmp
2014-05-11 16:21 - 2014-05-11 16:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\DIFX
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-11 02:07 - 2014-05-11 02:07 - 00000000 ____D () C:\Program Files\USB TV
2014-05-11 01:43 - 2014-05-11 01:43 - 00143784 _____ () C:\Windows\Minidump\Mini051114-02.dmp
2014-05-11 01:39 - 2014-05-11 01:39 - 00143784 _____ () C:\Windows\Minidump\Mini051114-01.dmp
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\Program Files\Geeks3D
2014-05-11 01:34 - 2014-05-11 01:35 - 05345101 _____ (Geeks3D ) C:\Users\me_admin\Downloads\FurMark_1.13.0_Setup.exe
2014-05-10 21:23 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

==================== One Month Modified Files and Folders =======

2014-05-29 22:05 - 2014-05-29 22:03 - 00018712 _____ () C:\Users\me_admin\Downloads\FRST.txt
2014-05-29 22:04 - 2012-09-30 18:33 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-29 22:03 - 2014-05-28 15:30 - 00000000 ____D () C:\FRST
2014-05-29 22:03 - 2012-12-26 14:25 - 00000000 ____D () C:\Program Files\Steam
2014-05-29 22:03 - 2012-12-26 14:25 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-29 22:02 - 2013-03-06 19:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 22:00 - 2014-05-21 16:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 22:00 - 2012-10-03 16:32 - 00000214 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-29 22:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 22:00 - 2006-11-02 14:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 22:00 - 2006-11-02 14:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 17:25 - 2006-11-02 15:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 17:25 - 2006-11-02 14:52 - 01446452 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 17:08 - 2014-05-21 16:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 17:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-28 16:39 - 2006-11-02 12:33 - 01575982 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 16:36 - 2014-05-28 16:36 - 00000000 _____ () C:\Users\me_admin\Desktop\Neue Bitmap.bmp
2014-05-28 16:36 - 2012-11-23 23:52 - 00001356 _____ () C:\Users\me_admin\AppData\Local\d3d9caps.dat
2014-05-28 16:36 - 2012-09-30 18:07 - 00101312 _____ () C:\Users\me_admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-28 16:33 - 2006-11-02 14:47 - 00377896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-28 16:32 - 2012-09-30 19:40 - 00131694 _____ () C:\Windows\PFRO.log
2014-05-28 16:18 - 2012-10-02 19:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-28 16:14 - 2012-10-03 22:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-28 16:14 - 2012-10-03 18:33 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-28 16:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-28 16:13 - 2012-10-03 23:53 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-28 16:13 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2014-05-28 16:13 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-28 16:05 - 2006-11-02 12:23 - 00000128 _____ () C:\Windows\win.ini
2014-05-28 15:30 - 2014-05-28 15:30 - 01056256 _____ (Farbar) C:\Users\me_admin\Downloads\FRST.exe
2014-05-28 15:02 - 2014-05-28 15:02 - 00159432 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 15:02 - 2014-02-21 21:41 - 207265467 _____ () C:\Windows\MEMORY.DMP
2014-05-28 15:02 - 2012-10-01 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 _____ () C:\Users\me_admin\AppData\Local\{92807FA6-9DB8-4530-BB2B-0D29FEA41D8C}
2014-05-27 16:32 - 2012-10-03 16:32 - 00000214 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-05-27 15:40 - 2014-05-27 15:40 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 15:39 - 2014-05-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-27 15:39 - 2013-11-06 18:37 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-27 15:37 - 2014-05-27 15:37 - 00018313 _____ () C:\Windows\system32\CCCInstall_201405271537066068.log
2014-05-27 15:35 - 2012-09-30 18:06 - 00000000 ____D () C:\Users\me_admin
2014-05-27 15:17 - 2013-07-06 21:50 - 00000000 ____D () C:\Program Files\ATI
2014-05-27 15:06 - 2014-05-27 15:06 - 00282000 _____ () C:\ProgramData\UqnosPofsu.dat
2014-05-26 23:15 - 2012-10-23 18:23 - 00000000 ____D () C:\Users\me_admin\.gimp-2.8
2014-05-26 20:27 - 2014-05-26 20:27 - 00004657 _____ () C:\Users\me_admin\AppData\Local\recently-used.xbel
2014-05-26 00:13 - 2014-05-26 00:13 - 00143784 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-25 23:28 - 2013-10-10 19:17 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-25 16:36 - 2013-02-26 15:46 - 00138992 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-25 16:35 - 2013-02-26 16:02 - 00281152 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-25 16:35 - 2013-02-26 15:45 - 00281152 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-23 16:47 - 2012-10-02 18:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 16:15 - 2014-05-23 16:15 - 00157136 _____ () C:\Windows\Minidump\Mini052314-01.dmp
2014-05-22 19:57 - 2014-05-22 19:57 - 00222624 _____ () C:\Windows\Minidump\Mini052214-01.dmp
2014-05-21 16:06 - 2014-05-21 16:06 - 00001972 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 16:06 - 2014-05-21 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:06 - 2014-05-21 16:03 - 00000000 ____D () C:\Users\me_admin\AppData\Local\Google
2014-05-21 16:05 - 2014-05-21 16:03 - 00000000 ____D () C:\Program Files\Google
2014-05-21 16:03 - 2012-12-03 14:37 - 00000000 ____D () C:\Users\me_admin\AppData\Local\Deployment
2014-05-21 00:43 - 2014-05-21 00:43 - 00104635 _____ () C:\Users\me_admin\Documents\Unterschr. R.D.1.xcf
2014-05-20 18:28 - 2013-08-19 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-20 18:25 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-20 15:18 - 2014-05-20 15:18 - 00131072 _____ () C:\Windows\Minidump\Mini052014-01.dmp
2014-05-20 12:07 - 2014-04-05 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-14 23:33 - 2014-05-14 23:33 - 00185368 _____ () C:\Windows\Minidump\Mini051414-02.dmp
2014-05-14 23:26 - 2012-09-30 18:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 15:03 - 2012-11-04 18:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 15:03 - 2012-11-04 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 13:37 - 2014-05-14 13:37 - 00157136 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 02:14 - 2014-05-12 02:14 - 00178272 _____ () C:\Windows\Minidump\Mini051214-01.dmp
2014-05-11 16:21 - 2014-05-11 16:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\DIFX
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-11 02:09 - 2013-10-14 20:29 - 00011950 _____ () C:\Windows\DPINST.LOG
2014-05-11 02:07 - 2014-05-11 02:07 - 00000000 ____D () C:\Program Files\USB TV
2014-05-11 02:07 - 2012-09-30 22:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-11 01:43 - 2014-05-11 01:43 - 00143784 _____ () C:\Windows\Minidump\Mini051114-02.dmp
2014-05-11 01:39 - 2014-05-11 01:39 - 00143784 _____ () C:\Windows\Minidump\Mini051114-01.dmp
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\Program Files\Geeks3D
2014-05-11 01:35 - 2014-05-11 01:34 - 05345101 _____ (Geeks3D ) C:\Users\me_admin\Downloads\FurMark_1.13.0_Setup.exe
2014-05-11 01:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-11 01:01 - 2012-10-04 20:56 - 00022502 _____ () C:\Windows\IE9_main.log
2014-05-11 01:00 - 2012-09-30 18:29 - 00000000 ____D () C:\Users\me_admin\AppData\Roaming\vlc
2014-05-11 00:59 - 2012-09-30 19:00 - 00022016 _____ () C:\Users\me_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\ProgramData\UqnosPofsu.dat


Some content of TEMP:
====================
C:\Users\me_admin\AppData\Local\Temp\10-2_legacy_vista32-64_dd_ccc.exe
C:\Users\me_admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5kypdm.dll
C:\Users\me_admin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\me_admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\me_admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\me_admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\me_admin\AppData\Local\Temp\nsc5E89.exe
C:\Users\me_admin\AppData\Local\Temp\nsi5A16.exe
C:\Users\me_admin\AppData\Local\Temp\nsi9A65.exe
C:\Users\me_admin\AppData\Local\Temp\nsn946B.exe
C:\Users\me_admin\AppData\Local\Temp\nst65B9.exe
C:\Users\me_admin\AppData\Local\Temp\ose00000.exe
C:\Users\me_admin\AppData\Local\Temp\ose00001.exe
C:\Users\me_admin\AppData\Local\Temp\ose00002.exe
C:\Users\me_admin\AppData\Local\Temp\ose00003.exe
C:\Users\me_admin\AppData\Local\Temp\Uni000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 22:06

==================== End Of Log ============================
         


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by me_admin at 2014-05-29 22:06:56
Running from C:\Users\me_admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 2.01.0000 - ATI Technologies Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Battlefield 2 (HKLM\...\Steam App 24860) (Version:  - DICE)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM\...\Steam App 100) (Version:  - Ritual)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM\...\Steam App 260) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Debugging Tools for Windows (HKLM\...\{1C943495-B69F-4D41-AE0E-23C57ECD90EE}) (Version: 6.4.7.2 - Microsoft Corporation)
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
Dr. Hardware 2013 13.5d (HKLM\...\Dr. Hardware 2013_is1) (Version:  - Peter A. Gebhard)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
GameSpy Comrade (HKLM\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
Geeks3D FurMark 1.13.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
G-Force (HKLM\...\G-Force) (Version: 3.7.4 - SoundSpectrum)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inkscape 0.48.2 (HKCU\...\Inkscape) (Version: 0.48.2 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Logitech Gaming Software 5.04 (HKLM\...\{768F22DC-2D20-4F52-A9A1-5E231FB7F752}) (Version: 5.04.110 - Logitech)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Package: Samsung Galaxy S3 ToolKit (HKLM\...\SamsungGalaxyS3ToolKit30) (Version: 4.0.0.0 - skipsoft)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
Razer Krait (HKLM\...\{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}) (Version: 5.01 -  Razer USA Ltd.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
Vistawinexit (HKLM\...\{2FC1B08D-B4B6-42F4-B1BF-C913625EAC6C}_is1) (Version: 7 - hxxp://www.kurt-selzam.de/)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.3 (32-bit) (HKLM\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Restore Points  =========================

11-05-2014 00:05:18 Gerätetreiber-Paketinstallation: ATI Technologies Audio-, Video- und Gamecontroller
11-05-2014 00:07:15 Installiert USB Video Driver
11-05-2014 00:08:05 Gerätetreiber-Paketinstallation: Advanced Micro Devices, Inc. Audio-, Video- und Gamecontroller
11-05-2014 00:08:40 Gerätetreiber-Paketinstallation: eMPIA Technology Inc, Audio-, Video- und Gamecontroller
11-05-2014 00:18:44 Gerätetreiber-Paketinstallation: ATI Technologies Audio-, Video- und Gamecontroller
11-05-2014 00:20:14 Installiert USB Video Driver
11-05-2014 00:22:00 Windows Update
11-05-2014 12:12:25 Windows Update
11-05-2014 12:19:23 Gerätetreiber-Paketinstallation: ATI Technologies Inc. Grafikkarte
12-05-2014 11:01:09 Geplanter Prüfpunkt
14-05-2014 12:39:38 Geplanter Prüfpunkt
20-05-2014 16:20:12 Windows Update
22-05-2014 19:37:40 Geplanter Prüfpunkt
25-05-2014 21:21:49 Installed HtmlScreenSaver
26-05-2014 12:45:07 Geplanter Prüfpunkt
27-05-2014 13:08:36 Removed HtmlScreenSaver
27-05-2014 13:12:03 Gerätetreiber-Paketinstallation: ATI Technologies Inc. Grafikkarte
27-05-2014 13:35:20 Gerätetreiber-Paketinstallation: ATI Technologies Inc. Grafikkarte
28-05-2014 13:22:54 Windows Update
28-05-2014 13:58:30 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

2006-11-02 12:23 - 2012-10-26 23:01 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {042FC5F8-9A4D-4FF3-AC0D-A0624686D6AA} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {0E33A7C4-652E-4612-BD5B-632A6829CEF7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {172D5720-7CE2-49FC-B880-FA3F2AED08CA} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2F203076-CED9-4DC0-8403-BF92CD13B6D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {466F72D5-2929-45FD-BB1E-76DC796E8814} - System32\Tasks\HP AR Program Upload - 59c863515cfd4b1283bf8bc770ae5ea7345d8d9b4dda475dbb451a459a554baa => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {48A243ED-753F-468B-B1FB-3EDEFC41EAF3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {4F5B9232-2265-469B-8993-25DAFB84D9A0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {5319808D-24B3-4F9C-AB50-967F3E95F9A3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {672ED6C9-005A-4BFD-BE25-65C188191C3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B98B1DC9-EA42-48C9-84F0-2EC06134BF9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-10-01] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2010-02-11 07:30 - 2010-02-11 07:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-26 15:45 - 2013-02-26 16:28 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-10-14 20:29 - 2007-02-16 17:44 - 00126976 _____ () C:\Program Files\Razer\Krait\razerhid.exe
2013-10-14 20:29 - 2007-02-16 17:46 - 00114688 _____ () C:\Program Files\Razer\Krait\razertra.exe
2014-05-27 15:39 - 2014-05-27 15:39 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Spotify => "C:\Users\me_admin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\me_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 05:25:31 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/28/2014 03:28:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16464 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: f68
Anfangszeit: 01cf7a7737d88836
Zeitpunkt der Beendigung: 41

Error: (05/28/2014 00:30:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16464, Zeitstempel 0x50ec971b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x007627ee,
Prozess-ID 0x43c4, Anwendungsstartzeit iexplore.exe0.

Error: (05/26/2014 08:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung help-browser.exe, Version 2.8.2.0, Zeitstempel 0x50369de9, fehlerhaftes Modul libgstapp-0.10-0.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x1244, Anwendungsstartzeit help-browser.exe0.

Error: (05/26/2014 08:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung web-page.exe, Version 2.8.2.0, Zeitstempel 0x50369dea, fehlerhaftes Modul libgstapp-0.10-0.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x2a4, Anwendungsstartzeit web-page.exe0.

Error: (05/26/2014 06:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung help-browser.exe, Version 2.8.2.0, Zeitstempel 0x50369de9, fehlerhaftes Modul libgstapp-0.10-0.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0xc88, Anwendungsstartzeit help-browser.exe0.

Error: (05/26/2014 06:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung web-page.exe, Version 2.8.2.0, Zeitstempel 0x50369dea, fehlerhaftes Modul libgstapp-0.10-0.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x134c, Anwendungsstartzeit web-page.exe0.

Error: (05/20/2014 10:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung help-browser.exe, Version 2.8.2.0, Zeitstempel 0x50369de9, fehlerhaftes Modul libgstapp-0.10-0.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x6b84, Anwendungsstartzeit help-browser.exe0.

Error: (05/20/2014 10:24:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung web-page.exe, Version 2.8.2.0, Zeitstempel 0x50369dea, fehlerhaftes Modul libgstapp-0.10-0.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,
Prozess-ID 0x6230, Anwendungsstartzeit web-page.exe0.

Error: (05/20/2014 02:40:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16464 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 24a4
Anfangszeit: 01cf74289cbe8d0e
Zeitpunkt der Beendigung: 17


System errors:
=============
Error: (05/29/2014 10:03:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053

Error: (05/29/2014 10:03:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Steam Client Service

Error: (05/29/2014 10:01:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/28/2014 04:34:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/28/2014 03:59:54 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (05/28/2014 03:59:51 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (05/28/2014 03:24:21 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (05/28/2014 03:24:18 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (05/28/2014 03:16:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053

Error: (05/28/2014 03:16:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Steam Client Service


Microsoft Office Sessions:
=========================
Error: (05/28/2014 05:25:31 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/28/2014 03:28:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16464f6801cf7a7737d8883641

Error: (05/28/2014 00:30:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1646450ec971bunknown0.0.0.000000000c0000005007627ee43c401cf79fb401c2bf0

Error: (05/26/2014 08:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: help-browser.exe2.8.2.050369de9libgstapp-0.10-0.dll6.0.6002.1888151da3e27c000013500009f5d124401cf790dd5ebc7c5

Error: (05/26/2014 08:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: web-page.exe2.8.2.050369dealibgstapp-0.10-0.dll6.0.6002.1888151da3e27c000013500009f5d2a401cf790dd4293035

Error: (05/26/2014 06:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: help-browser.exe2.8.2.050369de9libgstapp-0.10-0.dll6.0.6002.1888151da3e27c000013500009f5dc8801cf790148821d05

Error: (05/26/2014 06:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: web-page.exe2.8.2.050369dealibgstapp-0.10-0.dll6.0.6002.1888151da3e27c000013500009f5d134c01cf790143d7a7c5

Error: (05/20/2014 10:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: help-browser.exe2.8.2.050369de9libgstapp-0.10-0.dll6.0.6002.1888151da3e27c000013500009f5d6b8401cf746987613cff

Error: (05/20/2014 10:24:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: web-page.exe2.8.2.050369dealibgstapp-0.10-0.dll6.0.6002.1888151da3e27c000013500009f5d623001cf746971dcc11f

Error: (05/20/2014 02:40:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1646424a401cf74289cbe8d0e17


CodeIntegrity Errors:
===================================
  Date: 2014-05-29 22:06:17.811
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:06:17.492
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:06:17.267
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:06:17.005
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:06:16.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:06:16.504
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:06:16.156
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:06:15.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:05:02.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-29 22:05:01.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 67%
Total physical RAM: 3070.64 MB
Available physical RAM: 1012.14 MB
Total Pagefile: 6361.29 MB
Available Pagefile: 3631.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.23 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:199.74 GB) (Free:71.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive j: (Daten) (Fixed) (Total:172.87 GB) (Free:32.69 GB) NTFS
Drive p: (Puffer) (Fixed) (Total:232.88 GB) (Free:37.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: AA4B8893)
Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 522EA6AD)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thanks!

Last edited by helpsearch (29.05.2014 at 22:20)

Alt 30.05.2014, 14:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [UqnosPofsu] => regsvr32.exe "C:\ProgramData\UqnosPofsu.dat"
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: {48A243ED-753F-468B-B1FB-3EDEFC41EAF3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {172D5720-7CE2-49FC-B880-FA3F2AED08CA} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
C:\Windows\KMService.exe 
C:\Windows\AutoKMS.exe
C:\ProgramData\UqnosPofsu.dat
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 30.05.2014, 14:46   #9
helpsearch
 



Hello cosinus,
thank you for the reply.

I have to explain the following up front:
Last night I got "rattled"; I am really afraid for my PC and my data.
So I took action myself and did the following on my own:
1. Used the official AVG Removal Tool
2. Tried unsuccessfully to reinstall AVG (error messages along the lines of "file not found", MSI errors, ...)
3. Installed Malwarebytes and ran it.
In the process, among other things, this "UqnosPofsu" ended up in quarantine.

Then at midday today I
4. Successfully installed "Avira free" and ran a full scan.
5. Manually deleted everything related to AVG (including registry entries!)
6. Successfully installed AVG, deactivated Avira.
7. AVG is currently scanning

8. I carried out the fix.

fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by cornel_admin at 2014-05-30 14:36:20 Run:1
Running from C:\Users\cornel_admin\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [UqnosPofsu] => regsvr32.exe "C:\ProgramData\UqnosPofsu.dat"
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: {48A243ED-753F-468B-B1FB-3EDEFC41EAF3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {172D5720-7CE2-49FC-B880-FA3F2AED08CA} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
C:\Windows\KMService.exe 
C:\Windows\AutoKMS.exe
C:\ProgramData\UqnosPofsu.dat
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UqnosPofsu => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key not found.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\Tasks\AutoKMSDaily.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{48A243ED-753F-468B-B1FB-3EDEFC41EAF3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48A243ED-753F-468B-B1FB-3EDEFC41EAF3} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{172D5720-7CE2-49FC-B880-FA3F2AED08CA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{172D5720-7CE2-49FC-B880-FA3F2AED08CA} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMSDaily => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily => Key deleted successfully.
"C:\Windows\KMService.exe" => File/Directory not found.
"C:\Windows\AutoKMS.exe" => File/Directory not found.
"C:\ProgramData\UqnosPofsu.dat" => File/Directory not found.

==== End of Fixlog ====
         
Thanks so far and kind regards!
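Added example (not part of the original posts and not FRST's own code): a small Python parser that groups the result lines of a Fixlog like the one in this post by outcome, so that entries the fix actually changed can be told apart from entries that were already gone before FRST ran. The sample lines are copied from the log above; the outcome labels and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of the Fixlog above, copied verbatim (one line per outcome type).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
C:\Windows\AutoKMS.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UqnosPofsu => Value not found.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
"C:\Windows\AutoKMS.exe" => File/Directory not found.
"C:\ProgramData\UqnosPofsu.dat" => File/Directory not found.

==== End of Fixlog ====
"""

STARS = re.compile(r"^\*{5,}\s*$")
RESULT = re.compile(r"^(?P<target>.+?) => (?P<status>.+?)\.?\s*$")


def parse_fixlog(text):
    """Return (target, status) pairs from the result section of a Fixlog.

    The log first echoes the fixlist between two lines of asterisks. Echoed
    lines can contain ' => ' too, so everything up to the second asterisk
    line is skipped and only the lines after it are treated as results.
    """
    results = []
    stars_seen = 0
    for line in text.splitlines():
        if STARS.match(line):
            stars_seen += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if stars_seen < 2:
            continue
        m = RESULT.match(line)
        if m:
            results.append((m.group("target").strip('"'), m.group("status")))
    return results


def classify(status):
    """Map a status string to an outcome label (labels are this example's own)."""
    s = status.lower()
    if "not found" in s:
        return "already_absent"   # nothing left to remove when the fix ran
    if s.endswith("successfully"):
        return "changed"          # deleted, moved or restored by this run
    return "review"               # anything else needs a manual look


def summarize(results):
    """Group targets by outcome label."""
    groups = defaultdict(list)
    for target, status in results:
        groups[classify(status)].append(target)
    return dict(groups)


def absent_only(results):
    """Targets reported 'not found' that this run never changed.

    These were gone before the fix, for example because another tool had
    already removed or quarantined them, so the Fixlog alone does not show
    where they went.
    """
    changed = {t for t, s in results if classify(s) == "changed"}
    seen, out = set(), []
    for target, status in results:
        if classify(status) == "already_absent" and target not in changed:
            if target not in seen:
                seen.add(target)
                out.append(target)
    return out


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for label, targets in summarize(parsed).items():
        print(label, len(targets))
    for target in absent_only(parsed):
        print("gone before the fix:", target)
```
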

Alt 30.05.2014, 14:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Clean) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 30.05.2014, 15:18   #11
helpsearch
 



Hello cosinus,

AdwCleaner[S0].txt:
Code:
ATTFilter
# AdwCleaner v3.211 - Bericht erstellt am 30/05/2014 um 14:56:02
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : cornel_admin - CORNEL_ADMIN-PC
# Gestartet von : C:\Users\cornel_admin\Downloads\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\ku7ct7gn.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\ku7ct7gn.default\user.js
Datei Gelöscht : C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16464


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\ku7ct7gn.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,{8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0,battlefieldheroespatcher@ea.com:4.0.14.0,{dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1,[...]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar@helperbar.com.install-event-fired", true);

[ Datei : C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,{8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0,battlefieldheroespatcher@ea.com:4.0.14.0,{dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1,[...]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar@helperbar.com.install-event-fired", true);

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3630 octets] - [30/05/2014 14:54:50]
AdwCleaner[S0].txt - [3551 octets] - [30/05/2014 14:56:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3611 octets] ##########
         
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by cornel_admin on 30.05.2014 at 15:07:48,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2997729771-1688528191-3898873413-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\cornel_admin\AppData\Roaming\mozilla\firefox\profiles\l31f778d.default\prefs.js

user_pref("avg.toolbar.buttons_icon", ",,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome:/
Emptied folder: C:\Users\cornel_admin\AppData\Roaming\mozilla\firefox\profiles\l31f778d.default\minidumps [287 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2014 at 15:12:25,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by cornel_admin (administrator) on CORNEL_ADMIN-PC on 30-05-2014 15:15:02
Running from C:\Users\cornel_admin\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Razer\Krait\razerhid.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\cornel_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\Razer\Krait\razertra.exe
(Razer Inc.) C:\Program Files\Razer\Krait\razerofa.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Krait] => C:\Program Files\Razer\Krait\razerhid.exe [126976 2007-02-16] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\Run: [Spotify Web Helper] => C:\Users\cornel_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-24] (Spotify Ltd)
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\MountPoints2: {db72fef8-6fd5-11e2-80af-0018f3ea2df9} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2997729771-1688528191-3898873413-1000\...\MountPoints2: {ee23fc16-0b13-11e2-ab5c-806e6f6e6963} - H:\Setup.exe
Startup: C:\Users\cornel_admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://learn.adafruit.com/rgb-led-strips/example-code
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD0671F86086ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.elektronik-kompendium.de/forum/board_entry.php?id=188042&page=6&order=time&category=all
hxxp://www.arduino-tutorial.de/hacking/
hxxp://arduino.cc/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\battlefieldheroespatcher@ea.com [2012-09-30]
FF Extension: German Dictionary - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-15]
FF Extension: Vista-aero - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2012-09-30]
FF Extension: FireShot - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-08]
FF Extension: ChatZilla - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-17]
FF Extension: Scrollbar Anywhere - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{767a0048-69da-4392-b458-55b7a96b66f7} [2014-01-05]
FF Extension: All-in-One Gestures - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-25]
FF Extension: Live HTTP Headers - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-09-30]
FF Extension: DownloadHelper - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-05]
FF Extension: Flash and Video Download - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-29]
FF Extension: Block site - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-23]
FF Extension: Sothink SWF Catcher - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2012-09-30]
FF Extension: Grooveshark Unlocker - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2012-09-30]
FF Extension: Media Hint - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\mediahint@jetpack.xpi [2013-11-21]
FF Extension: Stealthy - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\stealthyextension@gmail.com.xpi [2012-09-30]
FF Extension: FlashGot - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-09-30]
FF Extension: NoScript - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: RSFind! Mod - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}.xpi [2012-09-30]
FF Extension: Pearl Crescent Page Saver Basic - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2012-09-30]
FF Extension: Greasemonkey - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-30]
FF Extension: Flem - C:\Users\cornel_admin\AppData\Roaming\Mozilla\Firefox\Profiles\l31f778d.default\Extensions\{f7c39bef-150a-a06c-8a2b-04fea4e6d717}.xpi [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (YouTube) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Google-Suche) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Google Mail) - C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-02-26] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-09] (Avira Operations GmbH & Co. KG)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 drhard; C:\Windows\system32\DRIVERS\DRHARD.SYS [23600 2005-12-01] (Licensed for Gebhard Software)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-30] (DT Soft Ltd)
S3 GPU-Z; C:\Users\cornel_admin\AppData\Local\Temp\GPU-Z.sys [23936 2014-05-11] ()
R3 krait03; C:\Windows\System32\Drivers\krait.sys [13324 2005-12-07] (Razer (Asia-Pacific) Pte Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [39048 2011-11-07] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2009-01-13] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29192 2009-01-13] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2009-01-13] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [49160 2009-01-13] (Logitech Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 15:12 - 2014-05-30 15:12 - 00001280 _____ () C:\Users\cornel_admin\Desktop\JRT.txt
2014-05-30 15:07 - 2014-05-30 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 15:04 - 2014-05-30 15:04 - 01016261 _____ (Thisisu) C:\Users\cornel_admin\Downloads\JRT.exe
2014-05-30 14:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-30 14:54 - 2014-05-30 14:56 - 00000000 ____D () C:\AdwCleaner
2014-05-30 14:53 - 2014-05-30 14:53 - 01327971 _____ () C:\Users\cornel_admin\Downloads\adwcleaner_3.211.exe
2014-05-30 14:24 - 2014-05-30 14:24 - 00000000 ____D () C:\Users\cornel_admin\AppData\Roaming\AVG2014
2014-05-30 14:23 - 2014-05-30 14:23 - 00000867 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-30 14:23 - 2014-05-30 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-30 14:21 - 2014-05-30 14:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-30 14:21 - 2014-05-30 14:21 - 00000000 ___HD () C:\$AVG
2014-05-30 14:19 - 2014-05-30 14:19 - 00000000 ____D () C:\Program Files\AVG
2014-05-30 14:18 - 2014-05-30 14:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 __SHD () C:\found.001
2014-05-30 02:23 - 2014-05-30 02:23 - 00000000 ____D () C:\Users\cornel_admin\AppData\Roaming\Avira
2014-05-30 02:16 - 2014-05-09 11:16 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-30 02:16 - 2014-05-09 11:16 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-30 02:16 - 2014-05-09 11:16 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-30 02:16 - 2014-05-09 11:16 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-05-30 02:09 - 2014-05-30 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-30 02:09 - 2014-05-30 02:16 - 00000000 ____D () C:\ProgramData\Avira
2014-05-30 02:09 - 2014-05-30 02:16 - 00000000 ____D () C:\Program Files\Avira
2014-05-30 02:09 - 2014-05-30 02:09 - 00001011 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-30 02:08 - 2014-05-30 02:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-30 02:07 - 2014-05-30 02:08 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\cornel_admin\Downloads\avira_de_av_4007429802__ws.exe
2014-05-30 02:05 - 2014-05-30 14:28 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Avg2014
2014-05-30 01:40 - 2014-05-30 01:48 - 152430976 _____ (AVG Technologies) C:\Users\cornel_admin\Downloads\avg_free_x86_all_2014_4592a7484.exe
2014-05-30 01:35 - 2014-05-30 01:35 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\MFAData
2014-05-30 00:54 - 2014-05-30 00:54 - 04424240 _____ (AVG Technologies) C:\Users\cornel_admin\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-05-30 00:53 - 2014-05-30 00:53 - 00000000 ____D () C:\Users\cornel_admin\Downloads\avg_remover4116
2014-05-30 00:46 - 2014-05-30 00:46 - 03453210 _____ () C:\Users\cornel_admin\Downloads\avg_remover4116.zip
2014-05-30 00:40 - 2014-05-30 01:22 - 00569653 _____ () C:\Users\cornel_admin\Downloads\avgremover.log
2014-05-30 00:39 - 2014-05-30 00:39 - 02586752 _____ (AVG Technologies CZ, s.r.o.) C:\Users\cornel_admin\Downloads\avg_remover_stf_x86_2013_2706.exe
2014-05-29 23:52 - 2014-05-29 23:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\cornel_admin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-05-29 23:07 - 2014-05-30 14:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 23:07 - 2014-05-29 23:07 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 23:07 - 2014-05-29 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 23:07 - 2014-05-29 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 23:07 - 2014-05-29 23:07 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 23:07 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-29 23:07 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-29 23:07 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-29 23:04 - 2014-05-29 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\cornel_admin\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 22:03 - 2014-05-30 15:15 - 00018785 _____ () C:\Users\cornel_admin\Downloads\FRST.txt
2014-05-28 15:30 - 2014-05-30 15:15 - 00000000 ____D () C:\FRST
2014-05-28 15:30 - 2014-05-28 15:30 - 01056256 _____ (Farbar) C:\Users\cornel_admin\Downloads\FRST.exe
2014-05-28 15:02 - 2014-05-28 15:02 - 00159432 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 _____ () C:\Users\cornel_admin\AppData\Local\{92807FA6-9DB8-4530-BB2B-0D29FEA41D8C}
2014-05-27 15:40 - 2014-05-27 15:40 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 15:39 - 2014-05-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-27 15:37 - 2014-05-27 15:37 - 00018313 _____ () C:\Windows\system32\CCCInstall_201405271537066068.log
2014-05-26 20:27 - 2014-05-26 20:27 - 00004657 _____ () C:\Users\cornel_admin\AppData\Local\recently-used.xbel
2014-05-26 00:13 - 2014-05-26 00:13 - 00143784 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-23 16:15 - 2014-05-23 16:15 - 00157136 _____ () C:\Windows\Minidump\Mini052314-01.dmp
2014-05-22 19:57 - 2014-05-22 19:57 - 00222624 _____ () C:\Windows\Minidump\Mini052214-01.dmp
2014-05-21 16:06 - 2014-05-21 16:06 - 00001972 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 16:06 - 2014-05-21 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:03 - 2014-05-30 15:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 16:03 - 2014-05-30 14:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 16:03 - 2014-05-21 16:06 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Google
2014-05-21 16:03 - 2014-05-21 16:05 - 00000000 ____D () C:\Program Files\Google
2014-05-20 23:59 - 2014-04-23 15:02 - 00019430 _____ () C:\Users\cornel_admin\Desktop\Mitgliederliste Cdu Überlingen.xlsx
2014-05-20 18:19 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-20 15:18 - 2014-05-20 15:18 - 00131072 _____ () C:\Windows\Minidump\Mini052014-01.dmp
2014-05-14 23:33 - 2014-05-14 23:33 - 00185368 _____ () C:\Windows\Minidump\Mini051414-02.dmp
2014-05-14 13:37 - 2014-05-14 13:37 - 00157136 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 02:14 - 2014-05-12 02:14 - 00178272 _____ () C:\Windows\Minidump\Mini051214-01.dmp
2014-05-11 16:21 - 2014-05-11 16:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\DIFX
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-11 02:07 - 2014-05-11 02:07 - 00000000 ____D () C:\Program Files\USB TV
2014-05-11 01:43 - 2014-05-11 01:43 - 00143784 _____ () C:\Windows\Minidump\Mini051114-02.dmp
2014-05-11 01:39 - 2014-05-11 01:39 - 00143784 _____ () C:\Windows\Minidump\Mini051114-01.dmp
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\Program Files\Geeks3D
2014-05-11 01:34 - 2014-05-11 01:35 - 05345101 _____ (Geeks3D ) C:\Users\cornel_admin\Downloads\FurMark_1.13.0_Setup.exe
2014-05-10 21:23 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

==================== One Month Modified Files and Folders =======

2014-05-30 15:15 - 2014-05-29 22:03 - 00018785 _____ () C:\Users\cornel_admin\Downloads\FRST.txt
2014-05-30 15:15 - 2014-05-28 15:30 - 00000000 ____D () C:\FRST
2014-05-30 15:12 - 2014-05-30 15:12 - 00001280 _____ () C:\Users\cornel_admin\Desktop\JRT.txt
2014-05-30 15:09 - 2006-11-02 14:52 - 01516750 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 15:08 - 2014-05-21 16:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 15:07 - 2014-05-30 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 15:04 - 2014-05-30 15:04 - 01016261 _____ (Thisisu) C:\Users\cornel_admin\Downloads\JRT.exe
2014-05-30 15:02 - 2013-03-06 19:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 15:02 - 2012-12-26 14:25 - 00000000 ____D () C:\Program Files\Steam
2014-05-30 14:59 - 2014-05-21 16:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 14:59 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 14:59 - 2006-11-02 14:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 14:59 - 2006-11-02 14:47 - 00004752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 14:58 - 2014-05-30 14:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-30 14:58 - 2012-09-30 19:40 - 00296802 _____ () C:\Windows\PFRO.log
2014-05-30 14:57 - 2006-11-02 15:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-30 14:56 - 2014-05-30 14:54 - 00000000 ____D () C:\AdwCleaner
2014-05-30 14:53 - 2014-05-30 14:53 - 01327971 _____ () C:\Users\cornel_admin\Downloads\adwcleaner_3.211.exe
2014-05-30 14:28 - 2014-05-30 02:05 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Avg2014
2014-05-30 14:24 - 2014-05-30 14:24 - 00000000 ____D () C:\Users\cornel_admin\AppData\Roaming\AVG2014
2014-05-30 14:23 - 2014-05-30 14:23 - 00000867 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-30 14:23 - 2014-05-30 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-30 14:23 - 2014-05-30 14:21 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-30 14:21 - 2014-05-30 14:21 - 00000000 ___HD () C:\$AVG
2014-05-30 14:19 - 2014-05-30 14:19 - 00000000 ____D () C:\Program Files\AVG
2014-05-30 14:00 - 2014-05-29 23:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 12:19 - 2012-09-30 18:29 - 00000000 ____D () C:\Users\cornel_admin\AppData\Roaming\vlc
2014-05-30 12:16 - 2014-01-19 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-05-30 11:29 - 2012-09-30 19:00 - 00022016 _____ () C:\Users\cornel_admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 __SHD () C:\found.001
2014-05-30 02:23 - 2014-05-30 02:23 - 00000000 ____D () C:\Users\cornel_admin\AppData\Roaming\Avira
2014-05-30 02:17 - 2014-05-30 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-30 02:16 - 2014-05-30 02:09 - 00000000 ____D () C:\ProgramData\Avira
2014-05-30 02:16 - 2014-05-30 02:09 - 00000000 ____D () C:\Program Files\Avira
2014-05-30 02:09 - 2014-05-30 02:09 - 00001011 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-30 02:08 - 2014-05-30 02:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-30 02:08 - 2014-05-30 02:07 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\cornel_admin\Downloads\avira_de_av_4007429802__ws.exe
2014-05-30 02:08 - 2012-11-23 23:52 - 00001356 _____ () C:\Users\cornel_admin\AppData\Local\d3d9caps.dat
2014-05-30 01:48 - 2014-05-30 01:40 - 152430976 _____ (AVG Technologies) C:\Users\cornel_admin\Downloads\avg_free_x86_all_2014_4592a7484.exe
2014-05-30 01:35 - 2014-05-30 01:35 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\MFAData
2014-05-30 01:22 - 2014-05-30 00:40 - 00569653 _____ () C:\Users\cornel_admin\Downloads\avgremover.log
2014-05-30 00:54 - 2014-05-30 00:54 - 04424240 _____ (AVG Technologies) C:\Users\cornel_admin\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-05-30 00:53 - 2014-05-30 00:53 - 00000000 ____D () C:\Users\cornel_admin\Downloads\avg_remover4116
2014-05-30 00:46 - 2014-05-30 00:46 - 03453210 _____ () C:\Users\cornel_admin\Downloads\avg_remover4116.zip
2014-05-30 00:39 - 2014-05-30 00:39 - 02586752 _____ (AVG Technologies CZ, s.r.o.) C:\Users\cornel_admin\Downloads\avg_remover_stf_x86_2013_2706.exe
2014-05-29 23:53 - 2014-05-29 23:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\cornel_admin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-05-29 23:27 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Cursors
2014-05-29 23:07 - 2014-05-29 23:07 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 23:07 - 2014-05-29 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 23:07 - 2014-05-29 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 23:07 - 2014-05-29 23:07 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-29 23:06 - 2014-05-29 23:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\cornel_admin\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 22:42 - 2012-12-26 14:25 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-28 17:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-28 16:39 - 2006-11-02 12:33 - 01575982 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 16:36 - 2012-09-30 18:07 - 00101312 _____ () C:\Users\cornel_admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-28 16:33 - 2006-11-02 14:47 - 00377896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-28 16:18 - 2012-10-02 19:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-28 16:14 - 2012-10-03 22:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-28 16:14 - 2012-10-03 18:33 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-28 16:14 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-28 16:13 - 2012-10-03 23:53 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-28 16:13 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2014-05-28 16:13 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-28 16:05 - 2006-11-02 12:23 - 00000128 _____ () C:\Windows\win.ini
2014-05-28 15:30 - 2014-05-28 15:30 - 01056256 _____ (Farbar) C:\Users\cornel_admin\Downloads\FRST.exe
2014-05-28 15:02 - 2014-05-28 15:02 - 00159432 _____ () C:\Windows\Minidump\Mini052814-01.dmp
2014-05-28 15:02 - 2014-02-21 21:41 - 207265467 _____ () C:\Windows\MEMORY.DMP
2014-05-28 15:02 - 2012-10-01 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 _____ () C:\Users\cornel_admin\AppData\Local\{92807FA6-9DB8-4530-BB2B-0D29FEA41D8C}
2014-05-27 15:40 - 2014-05-27 15:40 - 00000000 ____D () C:\ProgramData\ATI
2014-05-27 15:39 - 2014-05-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-05-27 15:39 - 2013-11-06 18:37 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-05-27 15:37 - 2014-05-27 15:37 - 00018313 _____ () C:\Windows\system32\CCCInstall_201405271537066068.log
2014-05-27 15:35 - 2012-09-30 18:06 - 00000000 ____D () C:\Users\cornel_admin
2014-05-27 15:17 - 2013-07-06 21:50 - 00000000 ____D () C:\Program Files\ATI
2014-05-26 23:15 - 2012-10-23 18:23 - 00000000 ____D () C:\Users\cornel_admin\.gimp-2.8
2014-05-26 20:27 - 2014-05-26 20:27 - 00004657 _____ () C:\Users\cornel_admin\AppData\Local\recently-used.xbel
2014-05-26 00:13 - 2014-05-26 00:13 - 00143784 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-25 16:36 - 2013-02-26 15:46 - 00138992 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-25 16:35 - 2013-02-26 16:02 - 00281152 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-25 16:35 - 2013-02-26 15:45 - 00281152 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-23 16:47 - 2012-10-02 18:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 16:15 - 2014-05-23 16:15 - 00157136 _____ () C:\Windows\Minidump\Mini052314-01.dmp
2014-05-22 19:57 - 2014-05-22 19:57 - 00222624 _____ () C:\Windows\Minidump\Mini052214-01.dmp
2014-05-21 16:06 - 2014-05-21 16:06 - 00001972 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 16:06 - 2014-05-21 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:06 - 2014-05-21 16:03 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Google
2014-05-21 16:05 - 2014-05-21 16:03 - 00000000 ____D () C:\Program Files\Google
2014-05-21 16:03 - 2012-12-03 14:37 - 00000000 ____D () C:\Users\cornel_admin\AppData\Local\Deployment
2014-05-20 18:28 - 2013-08-19 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-20 18:25 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-20 15:18 - 2014-05-20 15:18 - 00131072 _____ () C:\Windows\Minidump\Mini052014-01.dmp
2014-05-14 23:33 - 2014-05-14 23:33 - 00185368 _____ () C:\Windows\Minidump\Mini051414-02.dmp
2014-05-14 23:26 - 2012-09-30 18:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 15:03 - 2012-11-04 18:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 15:03 - 2012-11-04 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 13:37 - 2014-05-14 13:37 - 00157136 _____ () C:\Windows\Minidump\Mini051414-01.dmp
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 07:26 - 2014-05-29 23:07 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-29 23:07 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-29 23:07 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 02:14 - 2014-05-12 02:14 - 00178272 _____ () C:\Windows\Minidump\Mini051214-01.dmp
2014-05-11 16:21 - 2014-05-11 16:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\DIFX
2014-05-11 02:09 - 2014-05-11 02:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-05-11 02:09 - 2013-10-14 20:29 - 00011950 _____ () C:\Windows\DPINST.LOG
2014-05-11 02:07 - 2014-05-11 02:07 - 00000000 ____D () C:\Program Files\USB TV
2014-05-11 02:07 - 2012-09-30 22:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-11 01:43 - 2014-05-11 01:43 - 00143784 _____ () C:\Windows\Minidump\Mini051114-02.dmp
2014-05-11 01:39 - 2014-05-11 01:39 - 00143784 _____ () C:\Windows\Minidump\Mini051114-01.dmp
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-05-11 01:36 - 2014-05-11 01:36 - 00000000 ____D () C:\Program Files\Geeks3D
2014-05-11 01:35 - 2014-05-11 01:34 - 05345101 _____ (Geeks3D ) C:\Users\cornel_admin\Downloads\FurMark_1.13.0_Setup.exe
2014-05-11 01:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-11 01:01 - 2012-10-04 20:56 - 00022502 _____ () C:\Windows\IE9_main.log
2014-05-09 11:16 - 2014-05-30 02:16 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-09 11:16 - 2014-05-30 02:16 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-09 11:16 - 2014-05-30 02:16 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-09 11:16 - 2014-05-30 02:16 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

Some content of TEMP:
====================
C:\Users\cornel_admin\AppData\Local\Temp\10-2_legacy_vista32-64_dd_ccc.exe
C:\Users\cornel_admin\AppData\Local\Temp\avgnt.exe
C:\Users\cornel_admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5kypdm.dll
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00000.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00001.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00002.exe
C:\Users\cornel_admin\AppData\Local\Temp\ose00003.exe
C:\Users\cornel_admin\AppData\Local\Temp\Quarantine.exe
C:\Users\cornel_admin\AppData\Local\Temp\Uni000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 15:08

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by cornel_admin at 2014-05-30 15:16:30
Running from C:\Users\cornel_admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 2.01.0000 - ATI Technologies Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Avira (HKLM\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Battlefield 2 (HKLM\...\Steam App 24860) (Version:  - DICE)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM\...\Steam App 100) (Version:  - Ritual)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM\...\Steam App 260) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Debugging Tools for Windows (HKLM\...\{1C943495-B69F-4D41-AE0E-23C57ECD90EE}) (Version: 6.4.7.2 - Microsoft Corporation)
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
Dr. Hardware 2013 13.5d (HKLM\...\Dr. Hardware 2013_is1) (Version:  - Peter A. Gebhard)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
GameSpy Comrade (HKLM\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
Geeks3D FurMark 1.13.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
G-Force (HKLM\...\G-Force) (Version: 3.7.4 - SoundSpectrum)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inkscape 0.48.2 (HKCU\...\Inkscape) (Version: 0.48.2 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Logitech Gaming Software 5.04 (HKLM\...\{768F22DC-2D20-4F52-A9A1-5E231FB7F752}) (Version: 5.04.110 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Package: Samsung Galaxy S3 ToolKit (HKLM\...\SamsungGalaxyS3ToolKit30) (Version: 4.0.0.0 - skipsoft)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
Razer Krait (HKLM\...\{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}) (Version: 5.01 -  Razer USA Ltd.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
Vistawinexit (HKLM\...\{2FC1B08D-B4B6-42F4-B1BF-C913625EAC6C}_is1) (Version: 7 - hxxp://www.kurt-selzam.de/)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.8.3 (32-bit) (HKLM\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Restore Points  =========================

30-05-2014 10:14:33 Removed TomTom HOME.
30-05-2014 10:19:36 Removed TomTom HOME Visual Studio Merge Modules
30-05-2014 12:19:21 Installed 
30-05-2014 12:20:13 Installed AVG 2014

==================== Hosts content: ==========================

2006-11-02 12:23 - 2012-10-26 23:01 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {042FC5F8-9A4D-4FF3-AC0D-A0624686D6AA} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: {0E33A7C4-652E-4612-BD5B-632A6829CEF7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2F203076-CED9-4DC0-8403-BF92CD13B6D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {466F72D5-2929-45FD-BB1E-76DC796E8814} - System32\Tasks\HP AR Program Upload - 59c863515cfd4b1283bf8bc770ae5ea7345d8d9b4dda475dbb451a459a554baa => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {4F5B9232-2265-469B-8993-25DAFB84D9A0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {5319808D-24B3-4F9C-AB50-967F3E95F9A3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {672ED6C9-005A-4BFD-BE25-65C188191C3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B98B1DC9-EA42-48C9-84F0-2EC06134BF9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-10-01] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2010-02-11 07:30 - 2010-02-11 07:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-26 15:45 - 2013-02-26 16:28 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-10-14 20:29 - 2007-02-16 17:44 - 00126976 _____ () C:\Program Files\Razer\Krait\razerhid.exe
2014-05-30 02:18 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\cornel_admin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-22 20:14 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files\Steam\libavcodec-55.dll
2014-04-23 13:46 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files\Steam\libavutil-53.dll
2014-05-22 20:14 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files\Steam\libavformat-55.dll
2014-01-09 20:26 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files\Steam\SDL2.dll
2014-05-22 20:14 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files\Steam\video.dll
2014-05-22 20:14 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files\Steam\libswscale-2.dll
2013-02-14 04:14 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2013-01-22 05:22 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files\Steam\bin\libcef.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll
2013-10-14 20:29 - 2007-02-16 17:46 - 00114688 _____ () C:\Program Files\Razer\Krait\razertra.exe
2014-05-27 15:39 - 2014-05-27 15:39 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-21 16:06 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
2014-05-21 16:13 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-05-21 16:13 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\cornel_admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Spotify => "C:\Users\cornel_admin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\cornel_admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-30 15:16:20.370
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:20.106
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:19.846
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:19.602
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:19.350
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:19.079
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:18.823
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:18.579
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:18.051
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-30 15:16:17.795
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 69%
Total physical RAM: 3070.64 MB
Available physical RAM: 940.26 MB
Total Pagefile: 6371.31 MB
Available Pagefile: 3288.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.38 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:199.74 GB) (Free:99.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive j: (Daten) (Fixed) (Total:172.87 GB) (Free:34.41 GB) NTFS
Drive p: (Puffer) (Fixed) (Total:232.88 GB) (Free:50.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: AA4B8893)
Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 522EA6AD)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards!

Alt 30.05.2014, 23:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
Who actually told you to install Avira? Have you never heard that things like Avira and AVG get in each other's way and then neither one provides protection anymore?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 30.05.2014, 23:41   #13
helpsearch
 



That was my decision.
Yes, I do know about that.
However, I wanted a temporary virus scanner for as long as AVG isn't working as it should.

Furthermore, I did mention that I deactivated Avira again for now after I got AVG running again.

For me, in this exceptional situation, that was the "best" option. As a layperson you are simply very unsettled...

Edited by helpsearch (30.05.2014 at 23:54)

Alt 30.05.2014, 23:58   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Avira has to come off again. Then run control scans with MBAM and ESET, and yes, with those it is okay to use them alongside another scanner.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Alt 02.06.2014, 17:19   #15
helpsearch
 



Hello cosinus,


ESET displayed "2 threats detected", but does not write this to the log.
(Myphone Explorer, which I downloaded ages ago from an official source)

mbam.txt:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.06.2014
Suchlauf-Zeit: 11:39:04
Logdatei: 123.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.02.03
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: cornel_admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 250103
Verstrichene Zeit: 18 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

ESET log.txt:
Code:
ESETSmartInstaller@High as downloader log:
all ok
         
