
Pests of all kinds and how to fight them: Windows 7, constant PUP and DMUNINSTALL

04.06.2014, 20:38   #1
maxiflozo
 



Hello dear Trojaner-Board team,
I am a mom (50) looking for help, and I hope my laptop can still be saved.
So, about a year ago my son (13) downloaded Minecraft and quite a few other things. The laptop got more and more sluggish, and recently windows of some kind have been popping up constantly, non-stop. I searched around on the Internet and came across this great site. In one thread (which I unfortunately can no longer find) I found a similar problem and carried out the steps prescribed there (adwcleaner/jrt/sc-cleaner/frst); only later did I see that one is not supposed/allowed to do that. I have now only been able to find the Addition.txt and the FRST.txt. At the moment nothing is popping up any more, but I am not sure that everything that does not belong here has been removed. I would be very grateful if you could help me. However, I am NOT a computer expert, and it may be that I do not immediately understand everything I am supposed to do.
Many thanks in advance.
Maxiflozo

04.06.2014, 23:13   #2
Bootsektor
/// TB trainer
 





My name is Sandra and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only scans that I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Post the log files directly in your thread in code tags.
  • Bear in mind that all of us here do this in our free time; if you do not hear from me within 2 days, please send me a PM.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster way and, in the case of a malware infection, always the safest. Adware can be removed without problems in the vast majority of cases.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Posting in code tags
Please always put the logs in code tags. If you do not, it makes the analysis much harder for me. Thank you.
To do so:
  • Click the hash sign # above the reply box; [] CODE /CODE will then appear there in square brackets.
  • Paste your log files between the two code tags, i.e. CODE log file /CODE
  • If the logs are too long, please split them up and post them here in your thread, in several replies if necessary.

Step 1
Please post the existing logs.

05.06.2014, 07:11   #3
maxiflozo
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Zollmann at 2014-06-04 19:30:08
Running from C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2006331508.48.56.3937658 - Audible, Inc.)
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.112 - ALPS ELECTRIC CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 3.41 - Happy Cloud, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Lollipop (HKCU\...\lollipop_06031556) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbarhaFF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{A20A58C4-6784-4B4B-86CC-94E2E3671031}) (Version: 7.02.8637 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Save Sense (remove only) (HKCU\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION
Savings Wizard (HKLM-x32\...\38906_Savings Wizard) (Version: 1.0 - Exciting Apps) <==== ATTENTION
Search-Results Toolbar (HKLM-x32\...\ilividtoolbargaw) (Version: 1.2.0.0 - APN LLC) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

25-04-2014 18:30:01 Windows Update
03-06-2014 15:27:42 Windows Update
03-06-2014 16:45:27 avast! antivirus system restore point
03-06-2014 16:48:02 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
03-06-2014 21:46:45 RegClean Pro Tue, Jun 03, 14  23:46
03-06-2014 22:27:19 Windows Update
04-06-2014 14:11:44 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-03 18:37 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts
54.204.28.26	ajakpekbmnkgnjbpajgkdhimcbeoocam

==================== Scheduled Tasks (whitelisted) =============

Task: {0C450561-1564-4C4A-9185-C5213A078C53} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {14172AAE-12F7-4221-BE30-DD1494BDE2F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-03] (Adobe Systems Incorporated)
Task: {1E7857FC-D65D-4C0D-891D-884BCDDE1022} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: {2EB573F1-E603-4E41-87C4-2B8F0E975D46} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {312660CE-0491-47CE-A6A6-F8091DEEAC99} - \MediaPlayerEnhance-firefoxinstaller No Task File <==== ATTENTION
Task: {348C7189-0AEC-4A9D-883A-4498C141FB66} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {4A330A5D-9360-48B0-B6E5-6A923A626382} - \SaveSenseLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4A6DDDEF-DBA6-40D5-BA1B-CC480CE77671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: {4F97C33C-1328-4906-A38B-AF50EDED132E} - \MediaPlayerEnhance-updater No Task File <==== ATTENTION
Task: {5694831A-A83C-465B-AC39-132B095B0787} - System32\Tasks\{5C539E34-193E-4FE7-AF3C-F7C5EC4139AA} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.7.0.102&amp;LastError=2
Task: {5695D4AB-D7EB-4A97-9964-6365A178E4C8} - \MediaPlayerEnhance-codedownloader No Task File <==== ATTENTION
Task: {6B4B203D-9C1A-48B2-A10E-1FD793FC20FC} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {7C6FE53A-CD98-41F9-9E0D-F06EEA1314F4} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {82036D04-3608-438B-8EA9-C47FC0FDBD1A} - \bench-sys No Task File <==== ATTENTION
Task: {8B407590-D6EB-48BB-B6B2-F38E3DF9D8AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9625D735-7448-497F-90FB-3F7CFD4CB073} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {A5CD20B8-5AB0-4AE8-94A6-87B6DA834FE1} - \MediaPlayerEnhance-enabler No Task File <==== ATTENTION
Task: {B8E16520-AA2C-46C5-8694-A05BBF04460A} - \SaveSenseLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C0033F9B-6B52-4A26-80F2-A772BD9C1C9D} - \MediaPlayerEnhance-chromeinstaller No Task File <==== ATTENTION
Task: {C1133D61-0697-4403-A453-AB350EF47598} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-03] (AVAST Software)
Task: {DE0478C8-D9B2-4978-9367-749AA9444573} - \SaveSense No Task File <==== ATTENTION
Task: {E5EAF08F-3A7D-4F41-AF08-614B82BC3AB3} - System32\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {EC9C7114-1D5B-49C0-B23E-FC9A4223E3C3} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-04 16:10 - 2014-06-04 16:10 - 02260480 _____ () C:\Program Files\AVAST Software\Avast\defs\14060400\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-18 17:52 - 2013-11-18 17:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 07:28:43 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/04/2014 07:28:43 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Zollmann\Downloads\avast_internet_security_setup.exeC:\Users\Zollmann\Downloads\avast_internet_security_setup.exe0


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 4047.92 MB
Available physical RAM: 2233.54 MB
Total Pagefile: 8094.02 MB
Available Pagefile: 6136.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:32.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 1F68E14E)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Zollmann (administrator) on ZOLLMANN-PC on 04-06-2014 19:29:32
Running from C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [681880 2012-08-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe
HKLM-x32\...\Run: [Bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [Infigo] => C:\Program Files (x86)\Infigo\Infigo.exe onrun
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DEF9B7508AFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
URLSearchHook: HKCU - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {151F87EE-8DC4-497D-BB7C-3A3D66F38EE2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {151F87EE-8DC4-497D-BB7C-3A3D66F38EE2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -  No File
BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 54.204.28.26	ajakpekbmnkgnjbpajgkdhimcbeoocam
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default
FF NewTab: chrome://lightning/content/newtab.html
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=prc265
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF SearchPlugin: C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - C:\Users\Zollmann\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-10]
FF Extension: Savings Wizard - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C} [2014-01-31]
FF Extension: No Name - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-25]
FF Extension: PlurPush - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-06-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: https://de.yahoo.com?fr=hp-avast&type=prc265
CHR StartupUrls: "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Extension: (Google Docs) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-26]
CHR Extension: (Google Search) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-26]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-06-03] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-03] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-03-02] (Microsoft Corporation)
R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64; C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [61112 2014-05-27] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 19:29 - 2014-06-04 19:29 - 00000000 ____D () C:\FRST
2014-06-04 19:19 - 2014-06-04 19:19 - 00000795 _____ () C:\Windows\setupact.log
2014-06-04 19:19 - 2014-06-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 18:51 - 2014-06-04 18:51 - 00001814 _____ () C:\sc-cleaner.txt
2014-06-04 18:27 - 2014-06-04 18:27 - 00000628 _____ () C:\Users\Zollmann\Desktop\JRT.txt
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 17:24 - 2014-06-04 18:04 - 00000000 ____D () C:\AdwCleaner
2014-06-04 16:22 - 2014-06-04 16:22 - 00000000 _____ () C:\Users\Zollmann\AppData\Local\{D896E55B-3A09-4986-830C-2736E40E0E7F}
2014-06-04 00:30 - 2014-06-04 00:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-04 00:30 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-04 00:30 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-04 00:30 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-04 00:30 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-04 00:30 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-04 00:30 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-04 00:29 - 2014-04-12 04:34 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-04 00:29 - 2014-04-12 04:34 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-04 00:29 - 2014-04-12 04:32 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-06-04 00:29 - 2014-04-12 04:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2014-06-04 00:29 - 2014-04-12 04:29 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00685056 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2014-06-04 00:29 - 2014-04-12 04:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-04 00:29 - 2014-04-12 04:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-04 00:29 - 2014-04-12 04:04 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-06-04 00:29 - 2014-04-12 04:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-06-04 00:29 - 2014-04-12 03:03 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-04 00:29 - 2014-04-12 03:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-04 00:29 - 2014-04-12 03:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-04 00:29 - 2014-03-04 13:11 - 05553088 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-04 00:29 - 2014-03-04 13:08 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-04 00:29 - 2014-03-04 13:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00315904 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-04 00:29 - 2014-03-04 12:42 - 03974080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-04 00:29 - 2014-03-04 12:42 - 03918784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-04 00:29 - 2014-03-04 12:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-04 00:29 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-04 00:29 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-03 23:47 - 2014-06-03 23:51 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-06-03 23:47 - 2014-06-03 23:47 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-06-03 23:18 - 2014-03-25 04:34 - 14179328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-03 23:18 - 2014-03-25 04:18 - 12877312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-03 23:17 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-03 23:17 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 23:16 - 2014-06-03 23:16 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-03 22:01 - 2014-06-03 22:03 - 133194920 _____ () C:\Users\Zollmann\Downloads\avast_internet_security_setup.exe
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieUserList
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieSiteList
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-03 19:00 - 2014-06-03 19:00 - 00000045 _____ () C:\Users\Zollmann\AppData\Roaming\WB.CFG
2014-06-03 18:51 - 2014-06-03 18:51 - 04415768 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-06-03 18:49 - 2014-06-03 18:50 - 04483020 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_free_stb_all_2014_4592_affiliate.exe
2014-06-03 18:48 - 2014-06-03 18:48 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-03 18:47 - 2014-06-03 18:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-03 18:46 - 2014-06-03 18:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-06-03 18:46 - 2014-06-03 18:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:37 - 2014-06-04 16:45 - 00000003 _____ () C:\Users\Zollmann\AppData\Local\proxy.log
2014-06-03 18:34 - 2014-06-03 18:34 - 04892480 _____ (WinZip International LLC ) C:\Users\Zollmann\Downloads\wzmp_8.exe
2014-06-03 18:22 - 2014-06-03 18:22 - 94714880 _____ (AVAST Software) C:\Users\Zollmann\Downloads\avast_free_antivirus_setup2018.exe
2014-06-03 18:13 - 2014-06-03 18:13 - 00005224 _____ () C:\Users\Zollmann\Desktop\Windows-Kompatibilitätsbericht.htm
2014-06-03 18:09 - 2014-06-03 18:15 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-06-03 18:09 - 2014-06-03 18:15 - 00001908 _____ () C:\Windows\diagerr.xml
2014-06-03 18:04 - 2014-06-04 00:15 - 00003462 _____ () C:\Windows\System32\Tasks\RegistryDr_Popup
2014-06-03 17:59 - 2014-05-27 13:10 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 17:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-03 17:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-03 17:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-03 17:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-03 17:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-03 17:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-03 17:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-03 17:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-03 17:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-03 17:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-03 17:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-03 17:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-03 17:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-03 17:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-03 17:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-03 17:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-03 17:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-03 17:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-03 17:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-03 17:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-03 17:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-03 17:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-03 17:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-03 17:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-03 17:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-03 17:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-03 17:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-03 17:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-03 17:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-03 17:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-03 17:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-03 17:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-03 17:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-03 17:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-03 17:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-03 17:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-03 17:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-03 17:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-03 17:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-03 17:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-03 17:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-03 17:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-03 17:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-03 17:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-06-04 19:29 - 2014-06-04 19:29 - 00000000 ____D () C:\FRST
2014-06-04 19:29 - 2013-05-29 12:36 - 00000000 ____D () C:\Users\Zollmann\AppData\Local\Temp
2014-06-04 19:20 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 19:20 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 19:20 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 19:19 - 2014-06-04 19:19 - 00000795 _____ () C:\Windows\setupact.log
2014-06-04 19:19 - 2014-06-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 19:18 - 2013-09-07 15:52 - 00000000 ____D () C:\Users\Zollmann\AppData\Local\LogMeIn Hamachi
2014-06-04 19:11 - 2013-05-29 12:30 - 01834374 ____N () C:\Windows\WindowsUpdate.log
2014-06-04 18:59 - 2013-09-26 17:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 18:51 - 2014-06-04 18:51 - 00001814 _____ () C:\sc-cleaner.txt
2014-06-04 18:48 - 2013-05-29 12:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 18:27 - 2014-06-04 18:27 - 00000628 _____ () C:\Users\Zollmann\Desktop\JRT.txt
2014-06-04 18:13 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 18:13 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 18:10 - 2013-05-29 18:35 - 00000000 ____D () C:\Users\Zollmann\AppData\Roaming\Skype
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 18:07 - 2014-01-31 23:40 - 00000350 _____ () C:\Windows\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000.job
2014-06-04 18:06 - 2013-05-29 13:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-04 18:05 - 2013-09-26 17:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 18:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 18:04 - 2014-06-04 17:24 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:29 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-04 17:27 - 2013-05-29 12:38 - 00001001 _____ () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 17:27 - 2013-05-29 12:36 - 00000000 ____D () C:\Users\Zollmann
2014-06-04 16:45 - 2014-06-03 18:37 - 00000003 _____ () C:\Users\Zollmann\AppData\Local\proxy.log
2014-06-04 16:22 - 2014-06-04 16:22 - 00000000 _____ () C:\Users\Zollmann\AppData\Local\{D896E55B-3A09-4986-830C-2736E40E0E7F}
2014-06-04 16:21 - 2013-05-29 12:38 - 00000000 ___RD () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 16:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-04 16:14 - 2014-01-31 23:40 - 00001046 __RSH () C:\ProgramData\ntuser.pol
2014-06-04 16:08 - 2013-05-29 12:38 - 00000000 ___RD () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-04 00:30 - 2014-06-04 00:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-04 00:30 - 2013-08-18 20:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-04 00:28 - 2013-06-08 22:25 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-04 00:24 - 2014-03-12 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-06-04 00:24 - 2014-03-12 20:49 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
2014-06-04 00:15 - 2014-06-03 18:04 - 00003462 _____ () C:\Windows\System32\Tasks\RegistryDr_Popup
2014-06-03 23:51 - 2014-06-03 23:47 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-06-03 23:51 - 2009-07-14 04:34 - 65011712 _____ () C:\Windows\system32\config\software.bak
2014-06-03 23:51 - 2009-07-14 04:34 - 15990784 _____ () C:\Windows\system32\config\system.bak
2014-06-03 23:51 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-06-03 23:48 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-06-03 23:47 - 2014-06-03 23:47 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-06-03 23:35 - 2014-03-31 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 23:35 - 2013-05-29 12:37 - 00000000 ____D () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 23:35 - 2013-05-29 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 23:35 - 2013-05-29 12:37 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 23:16 - 2014-06-03 23:16 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-03 22:55 - 2013-09-26 17:22 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 22:55 - 2013-05-29 13:46 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 22:55 - 2013-05-29 13:46 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 22:03 - 2014-06-03 22:01 - 133194920 _____ () C:\Users\Zollmann\Downloads\avast_internet_security_setup.exe
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieUserList
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieSiteList
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-03 19:00 - 2014-06-03 19:00 - 00000045 _____ () C:\Users\Zollmann\AppData\Roaming\WB.CFG
2014-06-03 18:51 - 2014-06-03 18:51 - 04415768 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-06-03 18:50 - 2014-06-03 18:49 - 04483020 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_free_stb_all_2014_4592_affiliate.exe
2014-06-03 18:48 - 2014-06-03 18:48 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-03 18:48 - 2013-11-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-03 18:47 - 2014-06-03 18:46 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-06-03 18:47 - 2014-01-11 18:26 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-03 18:47 - 2013-05-29 13:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-03 18:47 - 2013-05-29 13:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-03 18:46 - 2014-06-03 18:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-03 18:46 - 2014-06-03 18:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:46 - 2013-09-26 17:17 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-03 18:46 - 2013-05-29 13:49 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-03 18:37 - 2014-01-31 23:40 - 00003230 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000
2014-06-03 18:34 - 2014-06-03 18:34 - 04892480 _____ (WinZip International LLC ) C:\Users\Zollmann\Downloads\wzmp_8.exe
2014-06-03 18:22 - 2014-06-03 18:22 - 94714880 _____ (AVAST Software) C:\Users\Zollmann\Downloads\avast_free_antivirus_setup2018.exe
2014-06-03 18:15 - 2014-06-03 18:09 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-06-03 18:15 - 2014-06-03 18:09 - 00001908 _____ () C:\Windows\diagerr.xml
2014-06-03 18:13 - 2014-06-03 18:13 - 00005224 _____ () C:\Users\Zollmann\Desktop\Windows-Kompatibilitätsbericht.htm
2014-06-03 17:58 - 2013-05-29 16:06 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-03 17:57 - 2014-03-27 17:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-03 17:57 - 2013-05-29 18:35 - 00000000 ____D () C:\ProgramData\Skype
2014-06-03 17:54 - 2013-09-26 17:21 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-03 17:54 - 2013-09-26 17:21 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-03 17:48 - 2013-05-29 12:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-03 17:48 - 2013-05-29 12:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-03 17:48 - 2013-05-29 12:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-03 17:40 - 2014-06-03 17:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-03 17:40 - 2013-08-14 00:31 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-03 17:40 - 2013-08-14 00:31 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-03 17:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 17:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 13:10 - 2014-06-03 17:59 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
2014-05-09 08:14 - 2014-06-03 23:17 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-06-03 23:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-06-04 00:30 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-06-04 00:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-06-04 00:30 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-06-04 00:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-06-04 00:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-06-04 00:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Zollmann\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-06-04 00:29] - [2014-03-04 13:08] - 0455680 ____A (Microsoft Corporation) 6CE2AE073BD21C542FC2C707CAE944CC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-03-02 17:15] - [2013-03-02 17:15] - 2871296 ____A (Microsoft Corporation) 70D758D2DBE79757421017EE68143763

C:\Windows\SysWOW64\explorer.exe
[2013-03-02 17:15] - [2013-03-02 17:15] - 2616320 ____A (Microsoft Corporation) B0846DB5BDAB92131529A58E627FCEB7

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2013-03-02 16:40] - [2013-03-02 16:40] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C

C:\Windows\SysWOW64\User32.dll
[2013-03-02 16:40] - [2013-03-02 16:40] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2013-03-02 17:19] - [2013-03-02 17:19] - 0512512 ____A (Microsoft Corporation) 83D5AD7CFDB1F9D42C3CD102B20FFA0A

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2013-03-02 17:09] - [2013-03-02 17:09] - 0296304 ____A (Microsoft Corporation) A56F2326CE33646CDA95E7A9E7163FFA



LastRegBack: 2014-03-04 18:51

==================== End Of Log ============================
         

05.06.2014, 10:04   #4
Bootsektor
/// TB-Ausbilder

Hello Maxiflozo,

could you please also check whether you can find the log from AdwCleaner? It should be at C:\AdwCleaner[R1].txt. Please post that for me as well.

Do you recognise this entry in your hosts file?

Quote:
54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam
Always download software from the manufacturer, and tell your son that too! Most of the junk gets picked up via Softonic and the like. Installers very often carry it too!

Step 1
Please uninstall the following programs (if present):

McAfee Security Scan Plus
Lollipop
Movies Toolbar for Firefox
Movies Toolbar for Internet Explorer
Save Sense
Savings Wizard
Search-Results Toolbar

To do this, go to:
the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove

If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.

Step 2

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF NewTab: chrome://lightning/content/newtab.html
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: PlurPush - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-06-03]
FF Extension: No Name - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64; C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [61112 2014-05-27] (StdLib)
Task: {0C450561-1564-4C4A-9185-C5213A078C53} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {2EB573F1-E603-4E41-87C4-2B8F0E975D46} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {312660CE-0491-47CE-A6A6-F8091DEEAC99} - \MediaPlayerEnhance-firefoxinstaller No Task File <==== ATTENTION
Task: {348C7189-0AEC-4A9D-883A-4498C141FB66} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {4A330A5D-9360-48B0-B6E5-6A923A626382} - \SaveSenseLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4F97C33C-1328-4906-A38B-AF50EDED132E} - \MediaPlayerEnhance-updater No Task File <==== ATTENTION
Task: {5695D4AB-D7EB-4A97-9964-6365A178E4C8} - \MediaPlayerEnhance-codedownloader No Task File <==== ATTENTION
Task: {6B4B203D-9C1A-48B2-A10E-1FD793FC20FC} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {7C6FE53A-CD98-41F9-9E0D-F06EEA1314F4} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {82036D04-3608-438B-8EA9-C47FC0FDBD1A} - \bench-sys No Task File <==== ATTENTION
Task: {A5CD20B8-5AB0-4AE8-94A6-87B6DA834FE1} - \MediaPlayerEnhance-enabler No Task File <==== ATTENTION
Task: {B8E16520-AA2C-46C5-8694-A05BBF04460A} - \SaveSenseLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C0033F9B-6B52-4A26-80F2-A772BD9C1C9D} - \MediaPlayerEnhance-chromeinstaller No Task File <==== ATTENTION
Task: {DE0478C8-D9B2-4978-9367-749AA9444573} - \SaveSense No Task File <==== ATTENTION
Task: {E5EAF08F-3A7D-4F41-AF08-614B82BC3AB3} - System32\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {EC9C7114-1D5B-49C0-B23E-FC9A4223E3C3} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
C:\Users\Zollmann\AppData\Local\Temp\Quarantine.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 3
Please download Malwarebytes Anti-Malware
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Then click Scan (Suchlauf), select Threat Scan (Bedrohungssuchlauf) and click Scan Now (Suchlauf jetzt starten).
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Apply Actions (Aktionen anwenden).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the newest scan log and click View (Ansicht). Choose Export to text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.

Step 4
Start FRST once more.
  • Tick the box for addition.txt and click Scan.
  • When the scan has finished, two new log files, FRST.txt and addition.txt, are created and saved on the desktop (or in the directory where FRST is located).
  • Please post the contents of these log files here in your thread.
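
The fixlist in the post above mixes several FRST line types. The following Python sketch, an added example that is not part of the thread or of FRST, sorts a subset of those lines into scheduled tasks that exist only in the registry (`No Task File`), tasks that still point to an executable, and driver services, and counts GUIDs that recur across lines. The function name `triage_fixlist` and the regular expressions are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Subset of the fixlist lines from the post above, copied unchanged.
FIXLIST = r"""
R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64; C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [61112 2014-05-27] (StdLib)
FF Extension: PlurPush - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-06-03]
Task: {0C450561-1564-4C4A-9185-C5213A078C53} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {7C6FE53A-CD98-41F9-9E0D-F06EEA1314F4} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {E5EAF08F-3A7D-4F41-AF08-614B82BC3AB3} - System32\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "Task: {GUID} - <rest>", with the trailing ATTENTION marker stripped.
TASK_RE = re.compile(r"^Task: (\{[^}]+\}) - (.+?)(?: <=+ ATTENTION)?$")
# "R1 name; path [size date] (company)": state letter plus Windows start type.
DRIVER_RE = re.compile(
    r"^([RS])([0-4]) (.+?); (.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$"
)

STATE = {"R": "running", "S": "stopped"}  # FRST state letters
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
TASK_PREFIX = "System32\\Tasks\\"
ORPHAN_SUFFIX = " No Task File"


def triage_fixlist(text):
    """Classify fixlist lines and count GUIDs that occur on more than one line."""
    result = {"orphan_tasks": [], "live_tasks": [], "drivers": [], "shared_guids": {}}
    guid_lines = defaultdict(int)

    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue

        # Count each GUID once per line, case-insensitively.
        for guid in {g.lower() for g in GUID_RE.findall(line)}:
            guid_lines[guid] += 1

        task = TASK_RE.match(line)
        if task:
            rest = task.group(2)
            if " => " in rest:
                # A task file exists and names the program it launches.
                task_file, target = rest.split(" => ", 1)
                if task_file.startswith(TASK_PREFIX):
                    task_file = task_file[len(TASK_PREFIX):]
                result["live_tasks"].append((task_file, target))
            elif rest.endswith(ORPHAN_SUFFIX):
                # Only the registry entry is left; the task file is gone.
                name = rest[: -len(ORPHAN_SUFFIX)].lstrip("\\")
                result["orphan_tasks"].append(name)
            continue

        drv = DRIVER_RE.match(line)
        if drv:
            state, start, name, path, size, date, company = drv.groups()
            result["drivers"].append({
                "state": STATE[state],
                "start": START[start],
                "name": name,
                "path": path,
                "size": int(size),
                "date": date,
                "company": company,
            })

    result["shared_guids"] = {g: n for g, n in guid_lines.items() if n > 1}
    return result


if __name__ == "__main__":
    report = triage_fixlist(FIXLIST)
    for key, value in report.items():
        print(key, "=>", value)
```

In this subset the same GUID names the `Gw64.sys` driver and the PlurPush Firefox extension, which is why both appear in one fixlist.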

05.06.2014, 17:38   #5
maxiflozo

Hello Sandra,
many thanks already for your friendly and, above all, wonderfully understandable help. It is even a bit of fun.
So:
Code:
ATTFilter
# AdwCleaner v3.211 - Bericht erstellt am 04/06/2014 um 17:54:29
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Zollmann - ZOLLMANN-PC
# Gestartet von : C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Network Shortcuts\adwcleaner_3.211.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Program Files (x86)\PlurPush
Ordner Gefunden : C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gefunden : C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Ordner Gefunden : C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
Ordner Gefunden : C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gefunden : HKLM\Software\PlurPush
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [67730 octets] - [04/06/2014 17:24:28]
AdwCleaner[R1].txt - [2135 octets] - [04/06/2014 17:54:29]
AdwCleaner[S0].txt - [61317 octets] - [04/06/2014 17:26:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2256 octets] ##########
         


The entry in the hosts file means nothing at all to me, but to be honest, even the term hosts file doesn't mean anything to me.

The only program I was able to uninstall was McAfee.

For the others it said there was a problem. I then did it with Revo Uninstaller. In between, for all of them, this message came up: >>Uninstall ist fehlgeschlagen! Vermutlich ungültiger deinstall Befehl. << After I pressed OK, it always carried on, and at the end of each run I confirmed the deletion of the paths with OK.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Zollmann at 2014-06-05 14:19:22 Run:1
Running from C:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
FF NewTab: chrome://lightning/content/newtab.html
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: PlurPush - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-06-03]
FF Extension: No Name - C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64; C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [61112 2014-05-27] (StdLib)
Task: {0C450561-1564-4C4A-9185-C5213A078C53} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {2EB573F1-E603-4E41-87C4-2B8F0E975D46} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {312660CE-0491-47CE-A6A6-F8091DEEAC99} - \MediaPlayerEnhance-firefoxinstaller No Task File <==== ATTENTION
Task: {348C7189-0AEC-4A9D-883A-4498C141FB66} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {4A330A5D-9360-48B0-B6E5-6A923A626382} - \SaveSenseLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4F97C33C-1328-4906-A38B-AF50EDED132E} - \MediaPlayerEnhance-updater No Task File <==== ATTENTION
Task: {5695D4AB-D7EB-4A97-9964-6365A178E4C8} - \MediaPlayerEnhance-codedownloader No Task File <==== ATTENTION
Task: {6B4B203D-9C1A-48B2-A10E-1FD793FC20FC} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {7C6FE53A-CD98-41F9-9E0D-F06EEA1314F4} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {82036D04-3608-438B-8EA9-C47FC0FDBD1A} - \bench-sys No Task File <==== ATTENTION
Task: {A5CD20B8-5AB0-4AE8-94A6-87B6DA834FE1} - \MediaPlayerEnhance-enabler No Task File <==== ATTENTION
Task: {B8E16520-AA2C-46C5-8694-A05BBF04460A} - \SaveSenseLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {C0033F9B-6B52-4A26-80F2-A772BD9C1C9D} - \MediaPlayerEnhance-chromeinstaller No Task File <==== ATTENTION
Task: {DE0478C8-D9B2-4978-9367-749AA9444573} - \SaveSense No Task File <==== ATTENTION
Task: {E5EAF08F-3A7D-4F41-AF08-614B82BC3AB3} - System32\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {EC9C7114-1D5B-49C0-B23E-FC9A4223E3C3} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
C:\Users\Zollmann\AppData\Local\Temp\Quarantine.exe
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
Firefox newtab deleted successfully.
Firefox Keyword.URL deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi not found.
C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi => Moved successfully.
C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64 => Service stopped successfully.
{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C450561-1564-4C4A-9185-C5213A078C53} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C450561-1564-4C4A-9185-C5213A078C53} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EB573F1-E603-4E41-87C4-2B8F0E975D46} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EB573F1-E603-4E41-87C4-2B8F0E975D46} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{312660CE-0491-47CE-A6A6-F8091DEEAC99} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{312660CE-0491-47CE-A6A6-F8091DEEAC99} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{348C7189-0AEC-4A9D-883A-4498C141FB66} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{348C7189-0AEC-4A9D-883A-4498C141FB66} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A330A5D-9360-48B0-B6E5-6A923A626382} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A330A5D-9360-48B0-B6E5-6A923A626382} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F97C33C-1328-4906-A38B-AF50EDED132E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F97C33C-1328-4906-A38B-AF50EDED132E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5695D4AB-D7EB-4A97-9964-6365A178E4C8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5695D4AB-D7EB-4A97-9964-6365A178E4C8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B4B203D-9C1A-48B2-A10E-1FD793FC20FC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B4B203D-9C1A-48B2-A10E-1FD793FC20FC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C6FE53A-CD98-41F9-9E0D-F06EEA1314F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C6FE53A-CD98-41F9-9E0D-F06EEA1314F4} => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Popup => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82036D04-3608-438B-8EA9-C47FC0FDBD1A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82036D04-3608-438B-8EA9-C47FC0FDBD1A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5CD20B8-5AB0-4AE8-94A6-87B6DA834FE1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5CD20B8-5AB0-4AE8-94A6-87B6DA834FE1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8E16520-AA2C-46C5-8694-A05BBF04460A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8E16520-AA2C-46C5-8694-A05BBF04460A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0033F9B-6B52-4A26-80F2-A772BD9C1C9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0033F9B-6B52-4A26-80F2-A772BD9C1C9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE0478C8-D9B2-4978-9367-749AA9444573} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE0478C8-D9B2-4978-9367-749AA9444573} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5EAF08F-3A7D-4F41-AF08-614B82BC3AB3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5EAF08F-3A7D-4F41-AF08-614B82BC3AB3} => Key deleted successfully.
C:\Windows\System32\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-1615557796-2480273254-405201019-1000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC9C7114-1D5B-49C0-B23E-FC9A4223E3C3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9C7114-1D5B-49C0-B23E-FC9A4223E3C3} => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Start => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start => Key deleted successfully.
C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys => Moved successfully.
C:\Users\Zollmann\AppData\Local\Temp\Quarantine.exe => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
MBAM had 2 scan logs and I didn't know which one is the newest, so I am posting both.
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 05.06.2014 17:00:39, SYSTEM, ZOLLMANN-PC, Protection, Malware Protection, Starting, 
Protection, 05.06.2014 17:00:39, SYSTEM, ZOLLMANN-PC, Protection, Malware Protection, Started, 
Protection, 05.06.2014 17:00:39, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Starting, 
Update, 05.06.2014 17:00:44, SYSTEM, ZOLLMANN-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.6.2.1, 
Protection, 05.06.2014 17:00:44, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Started, 
Update, 05.06.2014 17:01:13, SYSTEM, ZOLLMANN-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.5.8, 
Protection, 05.06.2014 17:01:37, SYSTEM, ZOLLMANN-PC, Protection, Refresh, Starting, 
Protection, 05.06.2014 17:01:37, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 05.06.2014 17:01:37, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 05.06.2014 17:01:42, SYSTEM, ZOLLMANN-PC, Protection, Refresh, Success, 
Protection, 05.06.2014 17:01:42, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 05.06.2014 17:01:42, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Started, 
Protection, 05.06.2014 17:13:30, SYSTEM, ZOLLMANN-PC, Protection, Malware Protection, Starting, 
Protection, 05.06.2014 17:13:30, SYSTEM, ZOLLMANN-PC, Protection, Malware Protection, Started, 
Protection, 05.06.2014 17:13:30, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 05.06.2014 17:14:15, SYSTEM, ZOLLMANN-PC, Protection, Malicious Website Protection, Started, 

(end)
Code:
ATTFilter
         
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.06.2014
Suchlauf-Zeit: 17:02:13
Logdatei: mbam1.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.05.08
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Zollmann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 263956
Verstrichene Zeit: 8 Min, 10 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 21
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{82249076-d5c8-431d-982b-023779779587}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{089ede16-f82f-4cb5-b64e-433860459d81}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6A9F605F-89D1-4AF7-8747-2A17F002E20E}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6A9F605F-89D1-4AF7-8747-2A17F002E20E}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{089ede16-f82f-4cb5-b64e-433860459d81}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{82249076-D5C8-431D-982B-023779779587}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.PlurPush.A, HKU\S-1-5-21-1615557796-2480273254-405201019-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82249076-D5C8-431D-982B-023779779587}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.PlurPush.A, HKU\S-1-5-21-1615557796-2480273254-405201019-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82249076-D5C8-431D-982B-023779779587}, In Quarantäne, [53898aea04772e08d11c541c5ba716ea],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, In Quarantäne, [805c2252bcbfff37cd5d69d29d6530d0],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CEADAE6E-E08C-4950-BEBF-149EFD998248}, In Quarantäne, [805c2252bcbfff37cd5d69d29d6530d0],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CEADAE6E-E08C-4950-BEBF-149EFD998248}, In Quarantäne, [805c2252bcbfff37cd5d69d29d6530d0],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, In Quarantäne, [805c2252bcbfff37cd5d69d29d6530d0],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, In Quarantäne, [805c2252bcbfff37cd5d69d29d6530d0],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, In Quarantäne, [805c2252bcbfff37cd5d69d29d6530d0],
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.bench.nmhost, In Quarantäne, [07d5caaac5b6f244f3a3dc09986b4fb1],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\WOW6432NODE\PROXY\INSTALLATIONS\Savings Wizard, In Quarantäne, [9b41f77d95e664d284dd4f9c6c97fb05],
PUP.Optional.DataMngr.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, In Quarantäne, [9a42581c532890a6ae46ab216c974fb1],
PUP.Optional.SaveSense.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLive, In Quarantäne, [9844710385f6261058ab0ad2ac57d12f],
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, In Quarantäne, [4993690ba6d570c69e790ea439c922de],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-1615557796-2480273254-405201019-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ilividmoviestoolbarha, In Quarantäne, [4e8ee3918cefc175c51408af9e64b54b],
PUP.Optional.SavingsWizard.A, HKU\S-1-5-21-1615557796-2480273254-405201019-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PROXY\INSTALLATIONS\Savings Wizard, In Quarantäne, [3ca042327a01c1752c363eadd62de11f],

Registrierungswerte: 2
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Communicator Watcher, C:\Program Files (x86)\Bench\Proxy\pwdg.exe, In Quarantäne, [30ac2351b2c99b9ba190742c9a68b848]
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Settings Cleaner, C:\Program Files (x86)\Bench\Proxy\cl.exe, In Quarantäne, [8557caaab0cb0135ee44eeb2f2109b65]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a3397103691279bdfbfc96d41de7c43c]

Ordner: 7
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\assets, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],

Dateien: 59
PUP.Optional.NewPlayer.A, C:\Windows\Temp\NewPlayerSetup.exe, In Quarantäne, [904cda9a18635ed8a1c2146cfd0427d9],
PUP.Optional.OutBrowse, C:\Users\Zollmann\Downloads\setup.exe, In Quarantäne, [ae2eb2c2a0db58deb8eafcfb12f137c9],
PUP.Optional.SimplyTech.A, C:\Users\Zollmann\Downloads\HomeTab(1).exe, In Quarantäne, [cb11c1b3c0bb38fe6f14b38c20e1b749],
PUP.Optional.SimplyTech.A, C:\Users\Zollmann\Downloads\HomeTab.exe, In Quarantäne, [00dcd89cdc9f52e48ef58bb4847d8878],
PUP.Optional.Bandoo, C:\Users\Zollmann\Downloads\iLividSetup-r394-n-bf(1).exe, In Quarantäne, [f3e998dcb1ca2b0be3dcf71425dcd22e],
PUP.Optional.Bandoo, C:\Users\Zollmann\Downloads\iLividSetup-r394-n-bf.exe, In Quarantäne, [5785c1b32358310506b97794cd34ca36],
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-S-1-5-21-1615557796-2480273254-405201019-1000.job, In Quarantäne, [03d96e06394242f4e5d0ffb9a062e818],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\background.html, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\bootstrap.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\chrome.manifest, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\extension_info.json, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\install.rdf, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_bg.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_browseraction.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_common.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_content.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_settings.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_webrequest.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\jquery.min.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\canvasscript_engine.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\canvas_bg.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\md5.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\registry.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\webrequest.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\backgroundscript_engine.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\base.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\browser.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\chrome_windows.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\console.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\content_proxy.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\framework.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\i18n.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\invoke_async.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\io.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\lang.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\legacy.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\message_target.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\messaging.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\storage.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\timer.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\uninstall.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\userscript_client.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\userscript_engine.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\utils.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\xhr.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\browser_button.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\contentNotification.tmpl, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\contentNotificationStyle.tmpl, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\content_notifications.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\context_menu.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\framework_api.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\notifications.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\options.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\ui_base.js, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\button.png, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon100.png, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon128.png, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon32.png, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],
PUP.Optional.SavingsWizard.A, C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon48.png, In Quarantäne, [0bd1a1d31c5fcf6768cc3a4e05fd0af6],

Physische Sektoren: 0
(No malicious items detected)

(end)
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Zollmann (administrator) on ZOLLMANN-PC on 05-06-2014 17:19:06
Running from C:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [681880 2012-08-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [Infigo] => C:\Program Files (x86)\Infigo\Infigo.exe onrun
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DEF9B7508AFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
URLSearchHook: HKCU - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {151F87EE-8DC4-497D-BB7C-3A3D66F38EE2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {151F87EE-8DC4-497D-BB7C-3A3D66F38EE2} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 54.204.28.26	ajakpekbmnkgnjbpajgkdhimcbeoocam

FireFox:
========
FF ProfilePath: C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=prc265
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF SearchPlugin: C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - C:\Users\Zollmann\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]

Chrome: 
=======
CHR HomePage: https://de.yahoo.com?fr=hp-avast&type=prc265
CHR StartupUrls: "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Extension: (Google Docs) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-26]
CHR Extension: (Google Search) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-26]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-26]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-06-03] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-03-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 17:19 - 2014-06-05 17:19 - 00013065 _____ () C:\FRST.txt
2014-06-05 17:18 - 2014-06-05 17:18 - 00020111 _____ () C:\mbam1.txt
2014-06-05 17:17 - 2014-06-05 17:17 - 00001688 _____ () C:\mbam.txt
2014-06-05 17:00 - 2014-06-05 17:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 17:00 - 2014-06-05 17:00 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 17:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 17:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 17:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 16:58 - 2014-06-05 16:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Zollmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 14:20 - 2014-06-05 17:13 - 00027940 _____ () C:\Windows\PFRO.log
2014-06-05 14:05 - 2014-06-05 14:05 - 00001264 _____ () C:\Users\Zollmann\Desktop\Revo Uninstaller.lnk
2014-06-05 14:05 - 2014-06-05 14:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-04 19:29 - 2014-06-05 17:19 - 00000000 ____D () C:\FRST
2014-06-04 19:28 - 2014-06-04 19:28 - 02068992 _____ (Farbar) C:\FRST64.exe
2014-06-04 19:19 - 2014-06-05 17:13 - 00001019 _____ () C:\Windows\setupact.log
2014-06-04 19:19 - 2014-06-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 18:51 - 2014-06-04 18:51 - 00001814 _____ () C:\sc-cleaner.txt
2014-06-04 18:27 - 2014-06-04 18:27 - 00000628 _____ () C:\Users\Zollmann\Desktop\JRT.txt
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 17:24 - 2014-06-04 18:04 - 00000000 ____D () C:\AdwCleaner
2014-06-04 16:22 - 2014-06-04 16:22 - 00000000 _____ () C:\Users\Zollmann\AppData\Local\{D896E55B-3A09-4986-830C-2736E40E0E7F}
2014-06-04 00:30 - 2014-06-04 00:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-04 00:30 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-04 00:30 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-04 00:30 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-04 00:30 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-04 00:30 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-04 00:30 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-04 00:29 - 2014-04-12 04:34 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-04 00:29 - 2014-04-12 04:34 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-04 00:29 - 2014-04-12 04:32 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-06-04 00:29 - 2014-04-12 04:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2014-06-04 00:29 - 2014-04-12 04:29 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00685056 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2014-06-04 00:29 - 2014-04-12 04:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-04 00:29 - 2014-04-12 04:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-04 00:29 - 2014-04-12 04:04 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-06-04 00:29 - 2014-04-12 04:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-06-04 00:29 - 2014-04-12 03:03 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-04 00:29 - 2014-04-12 03:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-04 00:29 - 2014-04-12 03:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-04 00:29 - 2014-03-04 13:11 - 05553088 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-04 00:29 - 2014-03-04 13:08 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-04 00:29 - 2014-03-04 13:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00315904 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-04 00:29 - 2014-03-04 13:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-04 00:29 - 2014-03-04 12:42 - 03974080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-04 00:29 - 2014-03-04 12:42 - 03918784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-04 00:29 - 2014-03-04 12:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-04 00:29 - 2014-03-04 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-04 00:29 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-04 00:29 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-03 23:47 - 2014-06-03 23:51 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-06-03 23:47 - 2014-06-03 23:47 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-06-03 23:18 - 2014-03-25 04:34 - 14179328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-03 23:18 - 2014-03-25 04:18 - 12877312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-03 23:17 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-03 23:17 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 23:16 - 2014-06-03 23:16 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-03 22:01 - 2014-06-03 22:03 - 133194920 _____ () C:\Users\Zollmann\Downloads\avast_internet_security_setup.exe
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieUserList
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieSiteList
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-03 19:00 - 2014-06-03 19:00 - 00000045 _____ () C:\Users\Zollmann\AppData\Roaming\WB.CFG
2014-06-03 18:51 - 2014-06-03 18:51 - 04415768 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-06-03 18:49 - 2014-06-03 18:50 - 04483020 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_free_stb_all_2014_4592_affiliate.exe
2014-06-03 18:48 - 2014-06-03 18:48 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-03 18:47 - 2014-06-03 18:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-03 18:46 - 2014-06-03 18:47 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-06-03 18:46 - 2014-06-03 18:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:37 - 2014-06-04 16:45 - 00000003 _____ () C:\Users\Zollmann\AppData\Local\proxy.log
2014-06-03 18:34 - 2014-06-03 18:34 - 04892480 _____ (WinZip International LLC ) C:\Users\Zollmann\Downloads\wzmp_8.exe
2014-06-03 18:22 - 2014-06-03 18:22 - 94714880 _____ (AVAST Software) C:\Users\Zollmann\Downloads\avast_free_antivirus_setup2018.exe
2014-06-03 18:13 - 2014-06-03 18:13 - 00005224 _____ () C:\Users\Zollmann\Desktop\Windows-Kompatibilitätsbericht.htm
2014-06-03 18:09 - 2014-06-03 18:15 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-06-03 18:09 - 2014-06-03 18:15 - 00001908 _____ () C:\Windows\diagerr.xml
2014-06-03 17:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-03 17:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-03 17:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-03 17:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-03 17:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-03 17:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-03 17:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-03 17:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-03 17:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-03 17:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-03 17:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-03 17:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-03 17:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-03 17:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-03 17:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-03 17:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-03 17:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-03 17:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-03 17:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-03 17:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-03 17:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-03 17:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-03 17:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-03 17:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-03 17:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-03 17:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-03 17:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-03 17:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-03 17:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-03 17:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-03 17:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-03 17:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-03 17:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-03 17:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-03 17:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-03 17:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-03 17:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-03 17:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-03 17:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-03 17:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-03 17:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-03 17:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-03 17:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-03 17:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-06-05 17:19 - 2014-06-05 17:19 - 00013065 _____ () C:\FRST.txt
2014-06-05 17:19 - 2014-06-04 19:29 - 00000000 ____D () C:\FRST
2014-06-05 17:19 - 2013-05-29 12:36 - 00000000 ____D () C:\Users\Zollmann\AppData\Local\Temp
2014-06-05 17:18 - 2014-06-05 17:18 - 00020111 _____ () C:\mbam1.txt
2014-06-05 17:17 - 2014-06-05 17:17 - 00001688 _____ () C:\mbam.txt
2014-06-05 17:17 - 2013-05-29 12:30 - 01868155 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 17:17 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-05 17:17 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-05 17:17 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 17:14 - 2014-06-05 17:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 17:14 - 2013-05-29 18:35 - 00000000 ____D () C:\Users\Zollmann\AppData\Roaming\Skype
2014-06-05 17:13 - 2014-06-05 14:20 - 00027940 _____ () C:\Windows\PFRO.log
2014-06-05 17:13 - 2014-06-04 19:19 - 00001019 _____ () C:\Windows\setupact.log
2014-06-05 17:13 - 2013-09-26 17:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 17:13 - 2013-09-07 15:52 - 00000000 ____D () C:\Users\Zollmann\AppData\Local\LogMeIn Hamachi
2014-06-05 17:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 17:00 - 2014-06-05 17:00 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 16:59 - 2014-06-05 16:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Zollmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 16:59 - 2013-09-26 17:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 16:56 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 16:56 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 14:21 - 2014-01-31 23:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-05 14:19 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-05 14:05 - 2014-06-05 14:05 - 00001264 _____ () C:\Users\Zollmann\Desktop\Revo Uninstaller.lnk
2014-06-05 14:05 - 2014-06-05 14:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-05 14:01 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-05 13:58 - 2013-05-29 13:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-05 06:48 - 2013-05-29 12:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 19:48 - 2013-05-29 12:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-04 19:48 - 2013-05-29 12:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-04 19:48 - 2013-05-29 12:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-04 19:28 - 2014-06-04 19:28 - 02068992 _____ (Farbar) C:\FRST64.exe
2014-06-04 19:19 - 2014-06-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 18:51 - 2014-06-04 18:51 - 00001814 _____ () C:\sc-cleaner.txt
2014-06-04 18:27 - 2014-06-04 18:27 - 00000628 _____ () C:\Users\Zollmann\Desktop\JRT.txt
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 18:04 - 2014-06-04 17:24 - 00000000 ____D () C:\AdwCleaner
2014-06-04 17:29 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-04 17:27 - 2013-05-29 12:38 - 00001001 _____ () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 17:27 - 2013-05-29 12:36 - 00000000 ____D () C:\Users\Zollmann
2014-06-04 16:45 - 2014-06-03 18:37 - 00000003 _____ () C:\Users\Zollmann\AppData\Local\proxy.log
2014-06-04 16:22 - 2014-06-04 16:22 - 00000000 _____ () C:\Users\Zollmann\AppData\Local\{D896E55B-3A09-4986-830C-2736E40E0E7F}
2014-06-04 16:21 - 2013-05-29 12:38 - 00000000 ___RD () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 16:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-04 16:08 - 2013-05-29 12:38 - 00000000 ___RD () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-04 00:30 - 2014-06-04 00:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-04 00:30 - 2013-08-18 20:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-04 00:28 - 2013-06-08 22:25 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-04 00:24 - 2014-03-12 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-06-04 00:24 - 2014-03-12 20:49 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
2014-06-03 23:51 - 2014-06-03 23:47 - 00001668 _____ () C:\Windows\system32\ASOROSet.bin
2014-06-03 23:51 - 2009-07-14 04:34 - 65011712 _____ () C:\Windows\system32\config\software.bak
2014-06-03 23:51 - 2009-07-14 04:34 - 15990784 _____ () C:\Windows\system32\config\system.bak
2014-06-03 23:51 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-06-03 23:48 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-06-03 23:47 - 2014-06-03 23:47 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-06-03 23:35 - 2014-03-31 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 23:35 - 2013-05-29 12:37 - 00000000 ____D () C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 23:35 - 2013-05-29 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 23:35 - 2013-05-29 12:37 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 23:16 - 2014-06-03 23:16 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-03 22:55 - 2013-09-26 17:22 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 22:55 - 2013-05-29 13:46 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 22:55 - 2013-05-29 13:46 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 22:03 - 2014-06-03 22:01 - 133194920 _____ () C:\Users\Zollmann\Downloads\avast_internet_security_setup.exe
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieUserList
2014-06-03 21:50 - 2014-06-03 21:50 - 00000000 __SHD () C:\Users\Zollmann\AppData\Local\EmieSiteList
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-06-03 19:00 - 2014-06-03 19:00 - 00000045 _____ () C:\Users\Zollmann\AppData\Roaming\WB.CFG
2014-06-03 18:51 - 2014-06-03 18:51 - 04415768 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-06-03 18:50 - 2014-06-03 18:49 - 04483020 _____ (AVG Technologies) C:\Users\Zollmann\Downloads\avg_free_stb_all_2014_4592_affiliate.exe
2014-06-03 18:48 - 2014-06-03 18:48 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-03 18:48 - 2013-11-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-03 18:47 - 2014-06-03 18:46 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-06-03 18:47 - 2014-01-11 18:26 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-03 18:47 - 2013-05-29 13:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-03 18:47 - 2013-05-29 13:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-03 18:46 - 2014-06-03 18:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-03 18:46 - 2014-06-03 18:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 18:46 - 2013-09-26 17:17 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-03 18:46 - 2013-05-29 13:49 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-03 18:46 - 2013-05-29 13:49 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-03 18:34 - 2014-06-03 18:34 - 04892480 _____ (WinZip International LLC ) C:\Users\Zollmann\Downloads\wzmp_8.exe
2014-06-03 18:22 - 2014-06-03 18:22 - 94714880 _____ (AVAST Software) C:\Users\Zollmann\Downloads\avast_free_antivirus_setup2018.exe
2014-06-03 18:15 - 2014-06-03 18:09 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-06-03 18:15 - 2014-06-03 18:09 - 00001908 _____ () C:\Windows\diagerr.xml
2014-06-03 18:13 - 2014-06-03 18:13 - 00005224 _____ () C:\Users\Zollmann\Desktop\Windows-Kompatibilitätsbericht.htm
2014-06-03 17:58 - 2013-05-29 16:06 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-03 17:57 - 2014-03-27 17:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-03 17:57 - 2013-05-29 18:35 - 00000000 ____D () C:\ProgramData\Skype
2014-06-03 17:54 - 2013-09-26 17:21 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-03 17:54 - 2013-09-26 17:21 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-03 17:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-12 07:26 - 2014-06-05 17:00 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 17:00 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 17:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-06-03 23:17 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-06-03 23:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-06-04 00:30 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-06-04 00:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-06-04 00:30 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-06-04 00:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-06-04 00:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-06-04 00:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-06-04 00:29] - [2014-03-04 13:08] - 0455680 ____A (Microsoft Corporation) 6CE2AE073BD21C542FC2C707CAE944CC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-03-02 17:15] - [2013-03-02 17:15] - 2871296 ____A (Microsoft Corporation) 70D758D2DBE79757421017EE68143763

C:\Windows\SysWOW64\explorer.exe
[2013-03-02 17:15] - [2013-03-02 17:15] - 2616320 ____A (Microsoft Corporation) B0846DB5BDAB92131529A58E627FCEB7

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2013-03-02 16:40] - [2013-03-02 16:40] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C

C:\Windows\SysWOW64\User32.dll
[2013-03-02 16:40] - [2013-03-02 16:40] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2013-03-02 17:19] - [2013-03-02 17:19] - 0512512 ____A (Microsoft Corporation) 83D5AD7CFDB1F9D42C3CD102B20FFA0A

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2013-03-02 17:09] - [2013-03-02 17:09] - 0296304 ____A (Microsoft Corporation) A56F2326CE33646CDA95E7A9E7163FFA



LastRegBack: 2014-03-04 18:51

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Zollmann at 2014-06-05 17:19:50
Running from C:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2006331508.48.56.3937658 - Audible, Inc.)
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.112 - ALPS ELECTRIC CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 3.41 - Happy Cloud, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{A20A58C4-6784-4B4B-86CC-94E2E3671031}) (Version: 7.02.8637 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

05-06-2014 12:06:24 Revo Uninstaller's restore point - Lollipop
05-06-2014 12:08:51 Revo Uninstaller's restore point - Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.)
05-06-2014 12:09:47 Revo Uninstaller's restore point - Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
05-06-2014 12:10:52 Revo Uninstaller's restore point - Save Sense (remove only)
05-06-2014 12:11:40 Revo Uninstaller's restore point - Savings Wizard
05-06-2014 12:12:33 Revo Uninstaller's restore point - Search-Results Toolbar

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-03 18:37 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts
54.204.28.26	ajakpekbmnkgnjbpajgkdhimcbeoocam

==================== Scheduled Tasks (whitelisted) =============

Task: {14172AAE-12F7-4221-BE30-DD1494BDE2F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-04] (Adobe Systems Incorporated)
Task: {1E7857FC-D65D-4C0D-891D-884BCDDE1022} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: {4A6DDDEF-DBA6-40D5-BA1B-CC480CE77671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: {5694831A-A83C-465B-AC39-132B095B0787} - System32\Tasks\{5C539E34-193E-4FE7-AF3C-F7C5EC4139AA} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.7.0.102&amp;LastError=2
Task: {8B407590-D6EB-48BB-B6B2-F38E3DF9D8AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9625D735-7448-497F-90FB-3F7CFD4CB073} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {C1133D61-0697-4403-A453-AB350EF47598} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-03] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-05 13:58 - 2014-06-05 13:58 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060500\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-18 17:52 - 2013-11-18 17:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 05:14:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 04:49:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 02:22:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 01:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 07:28:43 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (06/05/2014 01:58:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/05/2014 01:58:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Firewall erreicht.

Error: (06/05/2014 06:47:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{D551F076-A0D7-4406-8CBE-2E2057C07C0A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/04/2014 09:00:38 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (06/05/2014 05:14:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 04:49:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 02:22:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 01:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 07:28:43 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Zollmann\Downloads\avast_internet_security_setup.exeC:\Users\Zollmann\Downloads\avast_internet_security_setup.exe0


==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 4047.92 MB
Available physical RAM: 2247.61 MB
Total Pagefile: 8094.02 MB
Available Pagefile: 6265.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:35.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 1F68E14E)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
So, I think that was everything; I hope I haven't forgotten anything and did everything correctly. Can I actually delete all the *.txt files, or should I keep them for now?
Thanks again and kind regards
Beate


07.06.2014, 21:59   #6
Bootsektor
/// TB Trainer

Hello Beate, and apologies again for the delay,

yes, one is the protection log and the other is the detection and deletion log.

Quote:
Can I actually delete all the *.txt files, or should I keep them for now?
We will delete them all afterwards.

Are you still having problems with the computer?

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Hosts: 54.204.28.26	ajakpekbmnkgnjbpajgkdhimcbeoocam
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
Because the scan with ESET is very thorough, it may take several hours.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3
Start FRST once more.
  • Tick addition.txt and click Scan.
  • When the scan has finished, two new log files, FRST.txt and addition.txt, are created and saved on the desktop (or in the directory where FRST is located).
  • Please post the contents of these log files here in your thread.

07.06.2014, 22:12   #7
maxiflozo

Hello Sandra,
no problem at all, everything is fine.
So, no pop-ups are appearing at the moment. But I also haven't done anything more with the laptop, because I didn't dare to, I mean banking and so on......

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Zollmann at 2014-06-07 22:05:49 Run:2
Running from C:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Hosts: 54.204.28.26	ajakpekbmnkgnjbpajgkdhimcbeoocam
         
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====
         
Now I'll get started on ESET.
How do I deactivate the antivirus program and the firewall?
Regards
Beate

07.06.2014, 22:21   #8
Bootsektor
/// TB Trainer

Hello Beate,

You deactivate Avast by left-clicking the arrow at the bottom right of your screen, then right-clicking the Avast icon, and there clicking "Avast shields control" and "Disable until next restart".

07.06.2014, 22:24   #9
maxiflozo

Thanks

07.06.2014, 22:53   #10
Bootsektor
/// TB Trainer

You're welcome, but don't forget to enable it again

07.06.2014, 23:30   #11
maxiflozo

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=c47bf7bd6dd745479c32a2a916a29609
# engine=18612
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-07 09:21:32
# local_time=2014-06-07 11:21:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 97 6398 166596582 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 131509 153805942 0 0
# scanned=149212
# found=62
# cleaned=0
# scan_time=3207
sh=143B1AACA51A173FDFB6D2A89129A4F9B7E672A8 ft=1 fh=b490d57b7e0afe3a vn="Win32/AdWare.SmartApps.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\BService\bhelper.dll.vir"
sh=1E09E14B1858EE3D5356C7FFB2A1EC4F34628F40 ft=1 fh=c71c00114be96104 vn="Win32/AdWare.SmartApps.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\NmHost\nmhost.exe.vir"
sh=EA7CCBD7021A01098B272F3D363C8748E75562F5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\44150.crx.vir"
sh=2A5F4F18859D97E591F801D019ADEB77BDA3D638 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\44150.xpi.vir"
sh=66B50F2298FBD14E2E308D2C9454102277D52FA5 ft=1 fh=e89588b8681284fc vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bg.exe.vir"
sh=9C6F9A88EC4B50B2E000B6CF724133B51F5720C4 ft=1 fh=c383de65dcf728f6 vn="Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll.vir"
sh=FEEF0F40BE84F752CEC77CD458EDFFD7570D1DA4 ft=1 fh=795f1ba030dba751 vn="Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll.vir"
sh=7BA00CB875624B9C593D32D4B51320A49DDE61F0 ft=1 fh=24b0a5aed93c9278 vn="Variante von Win32/Toolbar.CrossRider.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe.vir"
sh=C693F03C3BFD33D6274E84796041B9F2F04A93BB ft=1 fh=22bacdd4ff9b8805 vn="Variante von Win32/Toolbar.CrossRider.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe.vir"
sh=19F0D1B580367F8A57410030B0EC7D1B828A981B ft=1 fh=d17f17c46bd9009f vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe.vir"
sh=C8C0E6C5BCEE8FBAD506767BE0A8E54E03502BA9 ft=1 fh=a3bfd84a025473bd vn="Variante von Win32/Toolbar.CrossRider.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe.vir"
sh=177C9084672D89D011568C2C5D98DE0ABAA2568A ft=1 fh=b4a6a7af93782f9c vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe.vir"
sh=7FFDEC5AAC93E908012EE981767F052804664468 ft=1 fh=ee1cd61e39a670ab vn="Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\utils.exe.vir"
sh=408F051AE5CCB844CC630E6178BB8643BBC2513B ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir"
sh=A889876B49FE72E4F4AD39CC4B4EAFF9CA5861D0 ft=1 fh=6a5de9c4cbe4ff32 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\PlurPushBHO.dll.vir"
sh=B891C89F0B9E930FD28F73A776275BFB30693BA3 ft=1 fh=a36984e158bea0dd vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\PlurPushUninstall.exe.vir"
sh=9AB667F9389DDA2463DB2FBDF7BA4C2C2699EF06 ft=1 fh=f18bcef774aa3657 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\updatePlurPush.exe.vir"
sh=7AC599C885EFC7E304ECFF5F1C970429A4EEF2FC ft=1 fh=9fa4302f744c9015 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\PlurPush.BrowserAdapter.exe.vir"
sh=BA7DE5C603AEBED26FE2A28C966728338F0A3ED2 ft=1 fh=c119b7c530f37369 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\PlurPush.PurBrowse64.exe.vir"
sh=6A950DA7B8B72FC7B0C8652C4251692A95E5AED0 ft=1 fh=ba902ca45f1e3ac6 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\PlurPushBAApp.dll.vir"
sh=9AB667F9389DDA2463DB2FBDF7BA4C2C2699EF06 ft=1 fh=f18bcef774aa3657 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\utilPlurPush.exe.vir"
sh=8A522FB94CE276631B19B876CBC09E9FC8DF7D34 ft=1 fh=5f6ace114b8e2d0a vn="Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.dll.vir"
sh=43EA2D7D706E99ABB73874AA45FE6C1C7380C086 ft=1 fh=795580352a5a0612 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\plugins\PlurPush.Bromon.dll.vir"
sh=F0179A586DDE0ADE3C0D8CC54009839B20068418 ft=1 fh=9da95e4963a8995a vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\plugins\PlurPush.BroStats.dll.vir"
sh=FB40A6A10D4114004C79553136B0F14660C2F9DF ft=1 fh=41ae0639c8981145 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\plugins\PlurPush.BrowserAdapterS.dll.vir"
sh=ED165A1BADBCB849C62052905E12F36D55AA7324 ft=1 fh=c7574fe0e0457bd0 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\plugins\PlurPush.CompatibilityChecker.dll.vir"
sh=078C725F586D4D91CB12CDD3F3151DBCDEF34F2B ft=1 fh=d53bd2cc28bcc9f3 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\plugins\PlurPush.FFUpdate.dll.vir"
sh=1E69D46E08B2781CAA4D6C64A04A138D18D243A3 ft=1 fh=980e6dda51fc1213 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\plugins\PlurPush.IEUpdate.dll.vir"
sh=081C56ABC46B86BFAEC816B64A7A2A8DAD615437 ft=1 fh=84a596b77423e159 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PlurPush\bin\plugins\PlurPush.PurBrowseG.dll.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe.vir"
sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir"
sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir"
sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir"
sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir"
sh=67F405E93A8EDC01849B407789DC871C31723607 ft=1 fh=45e1c19d2fbdf616 vn="Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\del_DM_LL_nsdFCAD.dll.vir"
sh=BFDC3839ACE19D582651CBDBCA401D85ACB87CEE ft=1 fh=c71c0011ea55d4ef vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe.vir"
sh=E02E52D8D6D4809A43A0747AD2D43EA571EFAF81 ft=1 fh=28dc55d634c41655 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\__searchresultsDx.dll.vir"
sh=7223962B03D4EFEBB2183F1AD27EF47048F0B796 ft=1 fh=4e6c4908f37e801e vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\__searchresultstb.dll.vir"
sh=A6694B8088994D12583E7890875925EB897E093C ft=1 fh=b308471e1aa678f4 vn="Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\x64\del_DM_LL_nsdFCAD.dll.vir"
sh=189FC4DEFBF3AF52775F7A922789A0CA6A8FF6F8 ft=1 fh=4ed2a41f68ba7620 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=8C1B4AF23884F48B3394C25DFF659496C26A64E0 ft=1 fh=b281aa308fdd7c22 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=A3AA9516F41EE0B19998A1200EDE15D44ED49454 ft=1 fh=409e8ca697817935 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Local\iLivid\Helper.dll.vir"
sh=10F73307146AB5BC0BE917EEACECEF2E31AA45A6 ft=1 fh=dae39868c428a6bc vn="Variante von Win32/Toolbar.SearchSuite.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Local\iLivid\Uninstall.exe.vir"
sh=635AE0D052D6E3900853456B2DBEF1AAFE895124 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.1.zip.vir"
sh=408F051AE5CCB844CC630E6178BB8643BBC2513B ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=C7438D942F5D66F71822D807D890EA30B68DEA5E ft=1 fh=cea6bc5b719b3fa1 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Local\SaveSense\SaveSenseUpdateVer.exe.vir"
sh=C0ACE5CCAA7E890BA95C6A2CE9B7849B31FE5687 ft=1 fh=469d5509e7a70815 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Local\torch\Helper.dll.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=9E450F6FAC72A5A25FD4EDECE0CF5D3885230235 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=DE138BFD2293B4197712198C41377CE6A89E6200 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js.vir"
sh=50734BE26157FCF2996922F76B9AF0A0088EFD2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=C7438D942F5D66F71822D807D890EA30B68DEA5E ft=1 fh=cea6bc5b719b3fa1 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir"
sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=312B4326F089F044FEFE73A81FD94223E3F36410 ft=1 fh=789dc111d976203c vn="Variante von Win32/VOPackage.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Zollmann\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=2C5AA90350EA9A8FA0391A0EADE7C6C136A58A2C ft=1 fh=c71c00112c474a2d vn="Variante von Win64/SProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\GS Supporter\Assistant_x64.dll"
sh=7DDF67E506F7B59C21ECFF0F623074CE11EB4D01 ft=1 fh=456d72bfde3dfaf7 vn="Variante von Win32/SoftPulse.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Zollmann\Downloads\Setup(1).exe"
sh=86B31D3004A64354F30BAC994F54CD4B45D4409D ft=1 fh=950629ddde3dfaf7 vn="Variante von Win32/SoftPulse.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Zollmann\Downloads\Setup(2).exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Zollmann\Downloads\wzmp_8.exe"
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Zollmann at 2014-06-07 23:28:44
Running from C:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2006331508.48.56.3937658 - Audible, Inc.)
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.112 - ALPS ELECTRIC CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 3.41 - Happy Cloud, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{A20A58C4-6784-4B4B-86CC-94E2E3671031}) (Version: 7.02.8637 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

05-06-2014 12:06:24 Revo Uninstaller's restore point - Lollipop
05-06-2014 12:08:51 Revo Uninstaller's restore point - Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.)
05-06-2014 12:09:47 Revo Uninstaller's restore point - Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
05-06-2014 12:10:52 Revo Uninstaller's restore point - Save Sense (remove only)
05-06-2014 12:11:40 Revo Uninstaller's restore point - Savings Wizard
05-06-2014 12:12:33 Revo Uninstaller's restore point - Search-Results Toolbar

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-07 22:05 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {14172AAE-12F7-4221-BE30-DD1494BDE2F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-04] (Adobe Systems Incorporated)
Task: {1E7857FC-D65D-4C0D-891D-884BCDDE1022} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: {4A6DDDEF-DBA6-40D5-BA1B-CC480CE77671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26] (Google Inc.)
Task: {5694831A-A83C-465B-AC39-132B095B0787} - System32\Tasks\{5C539E34-193E-4FE7-AF3C-F7C5EC4139AA} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.7.0.102&amp;LastError=2
Task: {8B407590-D6EB-48BB-B6B2-F38E3DF9D8AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9625D735-7448-497F-90FB-3F7CFD4CB073} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {C1133D61-0697-4403-A453-AB350EF47598} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-03] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-07 21:35 - 2014-06-07 21:35 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060702\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-18 17:52 - 2013-11-18 17:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-31 18:36 - 2014-06-03 23:35 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-04 19:48 - 2014-06-04 19:48 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2014 11:22:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/07/2014 10:25:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/07/2014 10:25:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/07/2014 10:15:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/07/2014 10:15:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/07/2014 10:15:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/07/2014 10:14:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (06/07/2014 10:14:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/07/2014 09:36:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 00:32:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/06/2014 10:51:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/05/2014 01:58:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/05/2014 01:58:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Firewall erreicht.

Error: (06/05/2014 06:47:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{D551F076-A0D7-4406-8CBE-2E2057C07C0A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/04/2014 09:00:38 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (06/07/2014 11:22:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/07/2014 10:25:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\esetsmartinstaller_deu.exe

Error: (06/07/2014 10:25:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\esetsmartinstaller_deu.exe

Error: (06/07/2014 10:15:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\esetsmartinstaller_deu.exe

Error: (06/07/2014 10:15:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\esetsmartinstaller_deu.exe

Error: (06/07/2014 10:15:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\esetsmartinstaller_deu.exe

Error: (06/07/2014 10:14:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Zollmann\Downloads\avast_internet_security_setup.exeC:\Users\Zollmann\Downloads\avast_internet_security_setup.exe0

Error: (06/07/2014 10:14:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zollmann\Downloads\esetsmartinstaller_deu.exe

Error: (06/07/2014 09:36:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 00:32:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 4047.92 MB
Available physical RAM: 1955.99 MB
Total Pagefile: 8094.02 MB
Available Pagefile: 5959.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:34.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:29.67 GB) (Free:21.25 GB) FAT32
Drive f: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 1F68E14E)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 86217C5E)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0B)

========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Zollmann (administrator) on ZOLLMANN-PC on 07-06-2014 23:28:04
Running from C:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [681880 2012-08-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-07] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [Infigo] => C:\Program Files (x86)\Infigo\Infigo.exe onrun
HKU\S-1-5-21-1615557796-2480273254-405201019-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\Zollmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DEF9B7508AFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
URLSearchHook: HKCU - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {151F87EE-8DC4-497D-BB7C-3A3D66F38EE2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {151F87EE-8DC4-497D-BB7C-3A3D66F38EE2} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=prc265
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF SearchPlugin: C:\Users\Zollmann\AppData\Roaming\Mozilla\Firefox\Profiles\xwdg9t7p.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - C:\Users\Zollmann\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]

Chrome: 
=======
CHR HomePage: https://de.yahoo.com?fr=hp-avast&type=prc265
CHR StartupUrls: "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Extension: (Google Docs) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-26]
CHR Extension: (Google Search) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-26]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Users\Zollmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-26]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-06-03] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-03-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-07 22:13 - 2014-06-07 22:13 - 02347384 _____ (ESET) C:\esetsmartinstaller_deu.exe
2014-06-07 22:05 - 2014-06-07 22:05 - 00000000 ____D () C:\FRST-OlderVersion
2014-06-05 17:19 - 2014-06-07 23:28 - 00013243 _____ () C:\FRST.txt
2014-06-05 17:19 - 2014-06-05 17:20 - 00014941 _____ () C:\Addition.txt
2014-06-05 17:18 - 2014-06-05 17:18 - 00020111 _____ () C:\mbam1.txt
2014-06-05 17:17 - 2014-06-05 17:17 - 00001688 _____ () C:\mbam.txt
2014-06-05 17:00 - 2014-06-07 22:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 17:00 - 2014-06-05 17:00 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 17:00 - 2014-06-05 17:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 17:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 17:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 17:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 16:58 - 2014-06-05 16:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Zollmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 14:20 - 2014-06-06 10:44 - 00028290 _____ () C:\Windows\PFRO.log
2014-06-05 14:05 - 2014-06-05 14:05 - 00001264 _____ () C:\Users\Zollmann\Desktop\Revo Uninstaller.lnk
2014-06-05 14:05 - 2014-06-05 14:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-04 19:29 - 2014-06-07 23:28 - 00000000 ____D () C:\FRST
2014-06-04 19:28 - 2014-06-07 22:05 - 02072576 _____ (Farbar) C:\FRST64.exe
2014-06-04 19:19 - 2014-06-07 21:35 - 00001187 _____ () C:\Windows\setupact.log
2014-06-04 19:19 - 2014-06-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 18:51 - 2014-06-04 18:51 - 00001814 _____ () C:\sc-cleaner.txt
2014-06-04 18:27 - 2014-06-04 18:27 - 00000628 _____ () C:\Users\Zollmann\Desktop\JRT.txt
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 17:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 17:24 - 2014-06-04 18:04 - 00000000 ____D () C:\AdwCleaner
2014-06-04 16:22 - 2014-06-04 16:22 - 00000000 _____ () C:\Users\Zollmann\AppData\Local\{D896E55B-3A09-4986-830C-2736E40E0E7F}
2014-06-04 00:30 - 2014-06-04 00:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-04 00:30 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-04 00:30 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-04 00:30 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-04 00:30 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-04 00:30 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-04 00:30 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-04 00:29 - 2014-04-12 04:34 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-04 00:29 - 2014-04-12 04:34 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-04 00:29 - 2014-04-12 04:32 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-04 00:29 - 2014-04-12 04:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-06-04 00:29 - 2014-04-12 04:31 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-04 00:29 - 2014-04-12 04:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-06-04 00:29 - 2014-04-12 04:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2014-06-04 00:29 - 2014-04-12 04:29 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00685056 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2014-06-04 00:29 - 2014-04-12 04:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-04 00:29 - 2014-04-12 04:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-04 00:29 - 2014-04-12 04:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-04 00:29 - 2014-04-12 04:05 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-04 00:29 - 2014-04-12 04:04 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-06-04 00:29 - 2014-04-12 04:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-04 00:29 - 2014-04-12 03:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

==================== One Month Modified Files and Folders =======


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-06-04 00:29] - [2014-03-04 13:08] - 0455680 ____A (Microsoft Corporation) 6CE2AE073BD21C542FC2C707CAE944CC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-03-02 17:15] - [2013-03-02 17:15] - 2871296 ____A (Microsoft Corporation) 70D758D2DBE79757421017EE68143763

C:\Windows\SysWOW64\explorer.exe
[2013-03-02 17:15] - [2013-03-02 17:15] - 2616320 ____A (Microsoft Corporation) B0846DB5BDAB92131529A58E627FCEB7

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2013-03-02 16:40] - [2013-03-02 16:40] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C

C:\Windows\SysWOW64\User32.dll
[2013-03-02 16:40] - [2013-03-02 16:40] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2013-03-02 17:19] - [2013-03-02 17:19] - 0512512 ____A (Microsoft Corporation) 83D5AD7CFDB1F9D42C3CD102B20FFA0A

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2013-03-02 17:09] - [2013-03-02 17:09] - 0296304 ____A (Microsoft Corporation) A56F2326CE33646CDA95E7A9E7163FFA



LastRegBack: 2014-06-05 17:56

==================== End Of Log ============================
         

07.06.2014, 23:49   #12
Bootsektor
/// TB Trainer
 



Hello Beate,

these are all unspectacular finds, most of them in the quarantine of the adwarecleaner.

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Program Files (x86)\GS Supporter\Assistant_x64.dll
C:\Users\Zollmann\Downloads\Setup(1).exe
C:\Users\Zollmann\Downloads\Setup(2).exe
C:\Users\Zollmann\Downloads\wzmp_8.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



OK
As far as I can see, we have now removed everything harmful. Your logs are clean.
To finish, we will tidy up a little and run updates, and then you will get some reading material from me.

Step 1

If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller.
However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.

Step 2
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs we used and then deletes itself.
If any programs from our cleanup are still present after Delfix, you can now delete them without hesitation.

Updates / updating programs
  • Java
Your Java is no longer up to date.
Java is a big security hole on your system; new vulnerabilities are discovered again and again and are exploited to infect computers.
Unless you absolutely need Java, you should uninstall it completely.

Windows XP
Go to:
Start --> Control Panel --> Add or Remove Programs --> select the Java versions --> remove
Windows Vista
Go to:
Start --> Control Panel --> Programs --> Uninstall a program --> find the Java versions --> remove
Windows 7
To do this, go to:
the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the Java versions --> remove
Windows 8
To do this, press:
Windows key and X
then:
Programs and Features --> select the Java versions --> remove

If you do absolutely need Java after all, then
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 60).
  • Untick the "Installieren Sie die Ask-Toolbar ..." (install the Ask toolbar) box during installation.
  • When the installation has finished
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is ticked and click OK.
  • Click OK again.

and make sure that Java updates automatically.
To do this:
  • open Java
  • click the Update tab
  • click on: Notify Me: Before downloading, and tick the box Check for Updates Automatically
  • click Advanced
  • change the interval to at least weekly
and switch off the browser plugin.
You can find instructions for that here.

Finally, a few tips for securing your system.

Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.

Antivirus software
  • Make sure you always have antivirus software installed, and be sure to keep it up to date.

Additional protection
  • MalwareBytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.

Alternative browsers

Other browsers tend to be somewhat more secure than Internet Explorer because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

System performance
Delete your temporary files regularly. For this I recommend Windows Disk Cleanup.
Windows Vista
  • Click the Vista icon at the bottom left
  • Go to Programs -> Accessories -> System Tools -> Disk Cleanup
  • Now select Files from all users on this computer and confirm with OK
  • Among the files to delete, additionally tick Temporary files
  • Confirm with OK
  • Confirm that you want to delete the files permanently

Windows 7
  • Go to the Windows start icon
  • Type Disk Cleanup into the search box
  • Additionally tick Temporary files
  • Confirm with OK

Windows 8
  • Right-click in the lower left corner of your screen
  • Click Search
  • Click Settings
  • Type Disk Cleanup into the search box
  • In the settings on the left, now click Free up disk space by deleting unnecessary files
  • Additionally tick Temporary files
  • Confirm with OK
  • Confirm that you want to delete the files permanently

Stay away from any registry cleaners.
They harm your system more than they speed it up.

Rules of conduct for safer surfing
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
  • When installing programs, pay particular attention to whether additional software wants to be installed along with them; wherever possible choose the custom installation and deselect everything that has nothing to do with the program you want to install.

Now all that remains is for me to wish you lots of fun surfing safely.

Note: please give me brief feedback when everything is done and there are no more questions.

If you would like to give praise or criticism, you are very welcome to do so here.

If you would like to donate something for the forum and our work, you can do so here.

08.06.2014, 00:02   #13
maxiflozo
 



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Zollmann at 2014-06-07 23:54:23 Run:3
Running from C:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\GS Supporter\Assistant_x64.dll
C:\Users\Zollmann\Downloads\Setup(1).exe
C:\Users\Zollmann\Downloads\Setup(2).exe
C:\Users\Zollmann\Downloads\wzmp_8.exe
         
*****************

C:\Program Files (x86)\GS Supporter\Assistant_x64.dll => Moved successfully.
C:\Users\Zollmann\Downloads\Setup(1).exe => Moved successfully.
C:\Users\Zollmann\Downloads\Setup(2).exe => Moved successfully.
C:\Users\Zollmann\Downloads\wzmp_8.exe => Moved successfully.

==== End of Fixlog ====
         
Hi Sandra,
do you know whether my son needs Java for Minecraft?
Regards
Beate

08.06.2014, 00:03   #14
Bootsektor
/// TB-Ausbilder


Hello Beate,

as far as I know, you do need Java for that, yes

08.06.2014, 00:44   #15
maxiflozo


ok, thanks, then I guess I will have to install it........

Hello Sandra,
thank you so much for your competent, easy-to-understand help.
I downloaded Java and made all the settings the way you wrote. I kept Malwarebytes installed.
I will show my son your rules of conduct for safe surfing tomorrow.
I have also donated, and now I am going to bed.
Once again, many, many thanks.
Have a nice Pentecost, and hopefully I won't have to trouble you again any time soon
Kind regards
Beate

P.S. wow, I am sooooooo happy and relieved!!!
