
Pests of all kinds and how to fight them: Instead of Google, the address http://search.fbdownloader.com/?channel=de_nt is opened

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

25.07.2014, 13:39   #1
PhiQu
 
Hello,
I have the following problem:
When I open Firefox, my usual Google start page does not appear; instead I get a similar-looking page with the address hxxp://search.fbdownloader.com/?channel=de_nt

As I have already read in other posts here, this is a trojan.
Perhaps you can help me solve the problem, as you did for the other users?

Thanks in advance!

Edited by PhiQu (25.07.2014 at 13:47)

25.07.2014, 15:28   #2
sunjojo
/// Malwareteam
 
Hello PhiQu,

my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Rules for the cleanup process
  • Work through the instructions and steps carefully and in order.
  • If you do not understand something or are unsure, ask and describe the problem as well as you can. Do not act on your own.
    • Running various cleanup programs (with scripts from other threads) can wreck your operating system!
  • Cleaning up one computer in several forums at the same time is forbidden (crossposting).
  • Do not install or uninstall any additional programs, do not delete any files, and do not run system updates on your own.
  • The symptoms may have disappeared, but the disappearance of the outward signs of an infection does not mean that you are clean again.
    • I will give you an explicit all-clear; until then, please keep working with me.
Note
  • The programs we use usually produce a result log (called a logfile). Please include all logfiles I request in one step in a single reply/post.
Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)


Post the following logfiles in your next reply:
  • FRST.txt and Addition.txt
25.07.2014, 15:37   #3
PhiQu
 
Hello Jonas,

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Philipp (administrator) on PHILIPP-PC on 25-07-2014 13:56:44
Running from C:\Users\Philipp\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Malwarebytes Corporation                                    ) C:\Users\Philipp\Downloads\mbam-setup-2.0.2.1012.exe
() C:\Users\Philipp\AppData\Local\Temp\is-52EMU.tmp\mbam-setup-2.0.2.1012.tmp


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-01-12] (RealNetworks, Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit.exeC:\Users\Philipp\AppData\Roaming\appconf32.exe, [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent 
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [TBPanel] => C:\Program Files (x86)\Vtune\TBPanel.exe [2240512 2011-03-11] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [SSync] => C:\Users\Philipp\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [SCheck] => C:\Users\Philipp\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [DataMgr] => C:\Users\Philipp\AppData\Roaming\DataMgr\DataMgr.exe [168824 2014-01-23] (HTTO Group, Ltd.)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [Intermediate] => C:\Users\Philipp\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [Sixth] => C:\Users\Philipp\AppData\Roaming\Sixth\Sixth.exe [63625 2014-07-19] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6066F458BE00CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD7D1EB43-F27B-4590-8891-3DA45D2A4084&q={searchTerms}&SSPV=
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {A4827E58-C93E-4F08-9F6C-BB5D1A81F789} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=30335ed800000000000000c0ca660cb0&r=546
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Simple New Tab Bho -> {5C2DD58F-613F-4580-8AC0-F10D760AF938} -> C:\Users\Philipp\AppData\Local\simple_new_tab\simple_new_tab.dll (Temp Company Ltd)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: OfferMosquito -> {82B16A3D-F03E-4565-A532-666B219C9A53} -> C:\Users\Philipp\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll (Bebo Media Ltd)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Philipp\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\Extensions\abs@avira.com [2014-07-03]
FF Extension: OfferMosquito - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\Extensions\om@offermosquito.com.xpi [2014-02-28]
FF Extension: Simple New Tab - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Philipp\AppData\Roaming\5053
FF Extension: Java String Helper - C:\Users\Philipp\AppData\Roaming\5053 [2011-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-12]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Philipp\AppData\Roaming\5053
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-12-16] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Realtek11nCU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-19] () [File not signed]
S3 TBPanel; No ImagePath
U3 a0ksuixh; C:\Windows\System32\Drivers\a0ksuixh.sys [0 ] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 13:56 - 2014-07-25 13:57 - 00022306 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-07-25 13:55 - 2014-07-25 13:55 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-25 13:55 - 2014-07-25 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-25 13:54 - 2014-07-25 13:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-25 13:54 - 2014-07-25 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 13:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-25 13:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-25 13:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-25 13:52 - 2014-07-25 13:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-25 13:46 - 2014-07-25 13:56 - 00000000 ____D () C:\FRST
2014-07-25 13:44 - 2014-07-25 13:45 - 02093568 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-07-25 13:42 - 2014-07-25 13:43 - 01084416 _____ (Farbar) C:\Users\Philipp\Downloads\FRST.exe
2014-07-24 21:27 - 2014-07-24 21:27 - 03571264 _____ () C:\Users\Philipp\Desktop\Don't - Ed Sheeran - Lyrics (HQ Audio)(360p_H.264-AAC).mp4
2014-07-24 21:14 - 2014-07-24 21:16 - 10858628 _____ () C:\Users\Philipp\Desktop\Marlon Roudette - When The Beat Drops Out (Official Video)(360p_H.264-AAC).mp4
2014-07-23 18:16 - 2014-07-23 18:26 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Snz
2014-07-23 18:16 - 2014-07-23 18:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Sixth
2014-07-19 16:29 - 2014-07-19 16:32 - 24477360 _____ () C:\Users\Philipp\Downloads\En Vogue - Don't Let Go (Love) (Set It Off Movie Soundtrack 1996)(360p_H.264-AAC).mp4
2014-07-19 16:18 - 2014-07-19 16:19 - 14829647 _____ () C:\Users\Philipp\Desktop\Lana Del Rey -- West Coast (Radio Mix)(360p_H.264-AAC).mp4
2014-07-10 14:42 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 14:42 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 14:42 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 14:42 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 14:42 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 14:42 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 14:42 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 14:42 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 14:42 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 14:42 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 14:42 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 14:42 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 14:42 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 14:42 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 14:42 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 14:42 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 14:41 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 14:41 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 14:41 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 14:41 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 14:41 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 14:41 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 14:41 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 14:41 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 14:41 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 14:41 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 14:41 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 14:41 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 14:41 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 14:41 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 14:41 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 14:41 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 14:41 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 14:41 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 14:41 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 14:41 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 14:41 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 14:41 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 14:41 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 14:41 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 14:41 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 14:41 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 14:41 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 14:41 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 14:41 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 14:41 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 14:41 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 14:41 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 14:41 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 14:41 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 14:41 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 14:41 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 14:41 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 14:41 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 14:41 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 14:41 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 14:33 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 14:33 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 14:33 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 14:32 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 14:32 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 14:32 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 14:20 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 14:20 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 14:19 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 14:19 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 14:19 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 11:18 - 2014-07-08 11:20 - 25447799 _____ () C:\Users\Philipp\Desktop\Wildstylez - Back To Basics (Lyrics Video) HD(360p_H.264-AAC).mp4
2014-07-08 11:12 - 2014-07-08 11:14 - 16011407 _____ () C:\Users\Philipp\Desktop\Arkaine - Voice Of Desire (Full) [HD](360p_H.264-AAC).mp4
2014-07-08 11:01 - 2014-07-08 11:02 - 12908195 _____ () C:\Users\Philipp\Desktop\Headhunterz & Brennan Heart - The MF Point Of Lento (Qlimax DJ Tool) [FULL][HD&HQ](360p_H.264-AAC).mp4
2014-07-08 10:57 - 2014-07-08 10:58 - 08310127 _____ () C:\Users\Philipp\Desktop\Feed Me - Cloudburn (feat. Tasha Baxter)(360p_H.264-AAC).mp4
2014-07-08 10:49 - 2014-07-08 10:50 - 10754044 _____ () C:\Users\Philipp\Downloads\TNT - First Match 2011 (Album Mix) (HQ HD)(3D)(360p_H.264-AAC).mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 13:57 - 2014-07-25 13:56 - 00022306 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-07-25 13:56 - 2014-07-25 13:46 - 00000000 ____D () C:\FRST
2014-07-25 13:55 - 2014-07-25 13:55 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-25 13:55 - 2014-07-25 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-25 13:55 - 2014-07-25 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-25 13:54 - 2014-07-25 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 13:54 - 2014-07-25 13:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-25 13:53 - 2014-01-26 21:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 13:45 - 2014-07-25 13:44 - 02093568 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-07-25 13:43 - 2014-07-25 13:42 - 01084416 _____ (Farbar) C:\Users\Philipp\Downloads\FRST.exe
2014-07-25 13:16 - 2010-12-18 18:23 - 01295788 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 13:16 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 13:16 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 13:11 - 2014-05-07 20:58 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-07-25 13:11 - 2014-01-26 21:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 13:11 - 2014-01-12 21:11 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-07-25 13:11 - 2012-12-24 14:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-25 13:11 - 2010-12-18 20:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-25 13:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 13:11 - 2009-07-14 06:51 - 00138350 _____ () C:\Windows\setupact.log
2014-07-25 13:10 - 2012-05-12 21:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:10 - 2012-05-12 21:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 21:51 - 2012-05-12 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 21:27 - 2014-07-24 21:27 - 03571264 _____ () C:\Users\Philipp\Desktop\Don't - Ed Sheeran - Lyrics (HQ Audio)(360p_H.264-AAC).mp4
2014-07-24 21:16 - 2014-07-24 21:14 - 10858628 _____ () C:\Users\Philipp\Desktop\Marlon Roudette - When The Beat Drops Out (Official Video)(360p_H.264-AAC).mp4
2014-07-24 21:14 - 2010-12-18 19:43 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-07-24 21:06 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 21:06 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 21:06 - 2009-07-14 07:13 - 01658844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 21:01 - 2012-04-26 19:23 - 00000260 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-07-23 18:26 - 2014-07-23 18:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Snz
2014-07-23 18:16 - 2014-07-23 18:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Sixth
2014-07-23 18:16 - 2014-01-26 21:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\DataMgr
2014-07-19 16:32 - 2014-07-19 16:29 - 24477360 _____ () C:\Users\Philipp\Downloads\En Vogue - Don't Let Go (Love) (Set It Off Movie Soundtrack 1996)(360p_H.264-AAC).mp4
2014-07-19 16:19 - 2014-07-19 16:18 - 14829647 _____ () C:\Users\Philipp\Desktop\Lana Del Rey -- West Coast (Radio Mix)(360p_H.264-AAC).mp4
2014-07-19 08:59 - 2014-01-26 21:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Fifth
2014-07-11 13:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 11:27 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 11:24 - 2014-05-06 21:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 11:24 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 22:18 - 2010-12-19 16:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 22:17 - 2013-07-24 22:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 22:13 - 2009-10-14 07:12 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 13:40 - 2010-12-18 20:10 - 00356152 _____ () C:\Windows\PFRO.log
2014-07-10 13:26 - 2013-07-02 19:24 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 11:10 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-08 11:20 - 2014-07-08 11:18 - 25447799 _____ () C:\Users\Philipp\Desktop\Wildstylez - Back To Basics (Lyrics Video) HD(360p_H.264-AAC).mp4
2014-07-08 11:14 - 2014-07-08 11:12 - 16011407 _____ () C:\Users\Philipp\Desktop\Arkaine - Voice Of Desire (Full) [HD](360p_H.264-AAC).mp4
2014-07-08 11:02 - 2014-07-08 11:01 - 12908195 _____ () C:\Users\Philipp\Desktop\Headhunterz & Brennan Heart - The MF Point Of Lento (Qlimax DJ Tool) [FULL][HD&HQ](360p_H.264-AAC).mp4
2014-07-08 10:58 - 2014-07-08 10:57 - 08310127 _____ () C:\Users\Philipp\Desktop\Feed Me - Cloudburn (feat. Tasha Baxter)(360p_H.264-AAC).mp4
2014-07-08 10:50 - 2014-07-08 10:49 - 10754044 _____ () C:\Users\Philipp\Downloads\TNT - First Match 2011 (Album Mix) (HQ HD)(3D)(360p_H.264-AAC).mp4
2014-07-07 23:48 - 2010-12-19 16:19 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc
2014-07-02 12:30 - 2014-01-12 21:05 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-07-02 12:30 - 2014-01-12 21:05 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-06-30 04:09 - 2014-07-10 14:20 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-10 14:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Philipp\AppData\Local\Temp\AskSLib.dll
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\contentDATs.exe
C:\Users\Philipp\AppData\Local\Temp\CTPBSeq.exe
C:\Users\Philipp\AppData\Local\Temp\EAD17F2.exe
C:\Users\Philipp\AppData\Local\Temp\EAD26A2.exe
C:\Users\Philipp\AppData\Local\Temp\EAD5E16.exe
C:\Users\Philipp\AppData\Local\Temp\EAD5E26.exe
C:\Users\Philipp\AppData\Local\Temp\EAD5E64.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6086.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6151.exe
C:\Users\Philipp\AppData\Local\Temp\EAD621C.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6325.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6326.exe
C:\Users\Philipp\AppData\Local\Temp\EAD647C.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6585.exe
C:\Users\Philipp\AppData\Local\Temp\EAD65D3.exe
C:\Users\Philipp\AppData\Local\Temp\EAD65D4.exe
C:\Users\Philipp\AppData\Local\Temp\EAD65F2.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6621.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6631.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6650.exe
C:\Users\Philipp\AppData\Local\Temp\EAD671B.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6759.exe
C:\Users\Philipp\AppData\Local\Temp\EAD67A7.exe
C:\Users\Philipp\AppData\Local\Temp\EAD67B7.exe
C:\Users\Philipp\AppData\Local\Temp\EAD67B8.exe
C:\Users\Philipp\AppData\Local\Temp\EAD67C6.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6805.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6834.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6853.exe
C:\Users\Philipp\AppData\Local\Temp\EAD68A1.exe
C:\Users\Philipp\AppData\Local\Temp\EAD68FE.exe
C:\Users\Philipp\AppData\Local\Temp\EAD692D.exe
C:\Users\Philipp\AppData\Local\Temp\EAD695C.exe
C:\Users\Philipp\AppData\Local\Temp\EAD69BA.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6A36.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6A65.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6A75.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6A84.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6B6E.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6BCC.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6C39.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6C58.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6C59.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6C87.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6D14.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6D42.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6D71.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6DB0.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6DBF.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6E5B.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6E9A.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6EB9.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6EBA.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6ED8.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6EF7.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6EF8.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6FB2.exe
C:\Users\Philipp\AppData\Local\Temp\EAD6FE1.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7158.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7196.exe
C:\Users\Philipp\AppData\Local\Temp\EAD71D4.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7270.exe
C:\Users\Philipp\AppData\Local\Temp\EAD734B.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7389.exe
C:\Users\Philipp\AppData\Local\Temp\EAD73B8.exe
C:\Users\Philipp\AppData\Local\Temp\EAD73D7.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7406.exe
C:\Users\Philipp\AppData\Local\Temp\EAD74C1.exe
C:\Users\Philipp\AppData\Local\Temp\EAD74D1.exe
C:\Users\Philipp\AppData\Local\Temp\EAD74D2.exe
C:\Users\Philipp\AppData\Local\Temp\EAD751F.exe
C:\Users\Philipp\AppData\Local\Temp\EAD753E.exe
C:\Users\Philipp\AppData\Local\Temp\EAD753F.exe
C:\Users\Philipp\AppData\Local\Temp\EAD754E.exe
C:\Users\Philipp\AppData\Local\Temp\EAD758C.exe
C:\Users\Philipp\AppData\Local\Temp\EAD75AB.exe
C:\Users\Philipp\AppData\Local\Temp\EAD75AC.exe
C:\Users\Philipp\AppData\Local\Temp\EAD75DA.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7638.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7686.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7695.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7696.exe
C:\Users\Philipp\AppData\Local\Temp\EAD76C4.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7770.exe
C:\Users\Philipp\AppData\Local\Temp\EAD77BE.exe
C:\Users\Philipp\AppData\Local\Temp\EAD77CD.exe
C:\Users\Philipp\AppData\Local\Temp\EAD77EC.exe
C:\Users\Philipp\AppData\Local\Temp\EAD77FC.exe
C:\Users\Philipp\AppData\Local\Temp\EAD77FD.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7898.exe
C:\Users\Philipp\AppData\Local\Temp\EAD79C0.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7A0F.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7B08.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7B95.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7BA4.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7BC3.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7C50.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7C6F.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7C70.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7CAD.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7CDC.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7D2A.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7DE5.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7E43.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7E91.exe
C:\Users\Philipp\AppData\Local\Temp\EAD7F3D.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8017.exe
C:\Users\Philipp\AppData\Local\Temp\EAD81EB.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8297.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8342.exe
C:\Users\Philipp\AppData\Local\Temp\EAD848A.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8499.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8516.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8526.exe
C:\Users\Philipp\AppData\Local\Temp\EAD85A3.exe
C:\Users\Philipp\AppData\Local\Temp\EAD86AC.exe
C:\Users\Philipp\AppData\Local\Temp\EAD86FA.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8738.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8803.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8A92.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8BBB.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8C09.exe
C:\Users\Philipp\AppData\Local\Temp\EAD8DCD.exe
C:\Users\Philipp\AppData\Local\Temp\EAD90C9.exe
C:\Users\Philipp\AppData\Local\Temp\EAD9201.exe
C:\Users\Philipp\AppData\Local\Temp\EAD94DF.exe
C:\Users\Philipp\AppData\Local\Temp\EAD9D95.exe
C:\Users\Philipp\AppData\Local\Temp\EADAD2F.exe
C:\Users\Philipp\AppData\Local\Temp\EADBB14.exe
C:\Users\Philipp\AppData\Local\Temp\EADC3DA.exe
C:\Users\Philipp\AppData\Local\Temp\EADC63B.exe
C:\Users\Philipp\AppData\Local\Temp\EADCAC.exe
C:\Users\Philipp\AppData\Local\Temp\EADF66E.exe
C:\Users\Philipp\AppData\Local\Temp\eauninstall.exe
C:\Users\Philipp\AppData\Local\Temp\First15.exe
C:\Users\Philipp\AppData\Local\Temp\install_flashplayer11x32_mssa_awc_aih.exe
C:\Users\Philipp\AppData\Local\Temp\install_flashplayer11x32_mssa_awc_aih_1.exe
C:\Users\Philipp\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Philipp\AppData\Local\Temp\msvcr80.dll
C:\Users\Philipp\AppData\Local\Temp\nsg7203.exe
C:\Users\Philipp\AppData\Local\Temp\nsm6C0A.exe
C:\Users\Philipp\AppData\Local\Temp\nsmA999.exe
C:\Users\Philipp\AppData\Local\Temp\nswA3BE.exe
C:\Users\Philipp\AppData\Local\Temp\nszDD91.exe
C:\Users\Philipp\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Philipp\AppData\Local\Temp\SimPack.exe
C:\Users\Philipp\AppData\Local\Temp\stubhelper.dll
C:\Users\Philipp\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Philipp\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Philipp\AppData\Local\Temp\VIS_DE-2013-12-13.exe
C:\Users\Philipp\AppData\Local\Temp\VP6Install.exe
C:\Users\Philipp\AppData\Local\Temp\VP6VFW.dll
C:\Users\Philipp\AppData\Local\Temp\zlib1.dll
C:\Users\Philipp\AppData\Local\Temp\_is96DB.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 11:11

==================== End Of Log ============================
         
--- --- ---



and Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by Philipp at 2014-07-25 13:59:01
Running from C:\Users\Philipp\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{963BFE7E-C350-4346-B43C-B02358306A45}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cossacks - The Art Of War (HKLM-x32\...\Cossacks : The Art Of War) (Version:  - )
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
EW : Cossacks (HKLM-x32\...\EW : Cossacks) (Version:  - )
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.4 - Electronic Arts)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GoldWave v5.58 (HKLM-x32\...\GoldWave v5.58) (Version:  - )
Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{B0BF4E84-0EE3-4E47-B90E-27B40348E022}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{0C682623-8F66-46A8-B9B3-93FE1E66A001}) (Version: 10.1.1.4 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0179 - )
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4200.95 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Vtune 7.18 (HKLM-x32\...\MySSID_is1) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-07-2014 10:54:57 Geplanter Prüfpunkt
09-07-2014 22:00:09 Geplanter Prüfpunkt
10-07-2014 20:04:57 Windows Update
19-07-2014 09:40:19 Geplanter Prüfpunkt
24-07-2014 19:47:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D90A3FA-37AB-4FCB-A511-1B24CE38E25B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08] (Sun Microsystems, Inc.)
Task: {2CDFD359-3C86-48D7-B103-E61FF0F0E698} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-86684829-2595615720-3932305003-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5238125C-CBFE-4DC3-B5BE-4628073FC456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {523B77DC-B40D-4BD1-ACE4-37C297C757FD} - System32\Tasks\RealCreateProcessScheduledTask9183513S-1-5-21-86684829-2595615720-3932305003-1001 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-01-12] (RealNetworks, Inc.)
Task: {97EDACF6-5C01-4018-BA8F-8B2CFCDB61DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {9904DC47-178A-4070-85C6-D879F1E82DEF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-86684829-2595615720-3932305003-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A048F202-E0BB-4B46-AD59-837ADD0068C9} - System32\Tasks\OMESupervisor => C:\Users\Philipp\AppData\Local\omesuperv.exe [2014-03-12] () <==== ATTENTION
Task: {A2861580-4FC5-4D62-A9B5-4B74D9B9C523} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-86684829-2595615720-3932305003-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AFA51918-3679-4B08-85A9-E12ACAC6022D} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {B6C7B13C-1F2C-4FE1-882A-54BD5746A810} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-86684829-2595615720-3932305003-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B993D650-7BF6-4757-8486-33ECFFB4CFB6} - System32\Tasks\Fifth => C:\Users\Philipp\AppData\Roaming\Fifth\Fifth.exe [2014-03-12] () <==== ATTENTION
Task: {BB2DB8EB-7766-4D76-8B46-AEBF5A93FB5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {BC70E965-7FD2-4EF3-8709-76161D61070D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-86684829-2595615720-3932305003-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 23:07 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-16 19:40 - 2011-12-16 19:40 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-06-08 23:49 - 2011-06-08 23:49 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3070_B611.dll
2010-12-19 16:20 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2011-06-28 18:57 - 2011-03-11 17:26 - 02240512 _____ () C:\Program Files (x86)\Vtune\TBPANEL.exe
2014-07-25 13:54 - 2014-07-25 13:54 - 00706560 _____ () C:\Users\Philipp\AppData\Local\Temp\is-52EMU.tmp\mbam-setup-2.0.2.1012.tmp
2012-07-17 17:42 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2012-07-17 17:43 - 2011-07-15 12:03 - 00693760 ____R () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\P2PLib.dll
2010-12-19 16:20 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2011-06-28 18:57 - 1998-10-31 04:55 - 00005120 _____ () C:\Program Files (x86)\Vtune\TBManage.dll
2014-05-21 21:07 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-24 17:52 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-21 21:07 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-09 18:08 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-25 14:23 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 21:07 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-21 21:07 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-12-24 14:19 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-04-07 14:41 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2010-12-23 14:56 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2010-12-23 14:56 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-05-28 17:59 - 2014-05-28 17:59 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 09:40:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 764

Startzeit: 01cfa77159318ba0

Endzeit: 800

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 4c8ece71-136a-11e4-bfa2-ea60e4b9b778

Error: (07/23/2014 07:05:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2014 11:36:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2014 10:38:14 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x80070008) festgestellt.

Error: (07/19/2014 09:27:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wmplayer.exe, Version 12.0.7601.18150 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 450

Startzeit: 01cfa322cadafed8

Endzeit: 130

Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Berichts-ID: 17ed5f19-0f16-11e4-b723-ec4bcb551f63

Error: (07/19/2014 09:26:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wmplayer.exe, Version 12.0.7601.18150 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12e0

Startzeit: 01cfa31f302cc5e0

Endzeit: 130

Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Berichts-ID: f94c3ef9-0f15-11e4-b723-ec4bcb551f63

Error: (07/13/2014 10:31:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/12/2014 02:55:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/10/2014 02:09:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/08/2014 09:03:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/25/2014 01:13:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/25/2014 01:13:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/25/2014 01:12:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/25/2014 01:11:58 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 3

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (07/25/2014 01:11:58 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 3

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (07/25/2014 01:11:58 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (07/25/2014 01:11:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (07/24/2014 09:47:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/24/2014 09:46:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/24/2014 09:02:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (07/24/2014 09:40:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756776401cfa77159318ba0800C:\Windows\Explorer.EXE4c8ece71-136a-11e4-bfa2-ea60e4b9b778

Error: (07/23/2014 07:05:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (07/19/2014 11:36:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (07/19/2014 10:38:14 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x80070008

Error: (07/19/2014 09:27:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.7601.1815045001cfa322cadafed8130C:\Program Files (x86)\Windows Media Player\wmplayer.exe17ed5f19-0f16-11e4-b723-ec4bcb551f63

Error: (07/19/2014 09:26:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.7601.1815012e001cfa31f302cc5e0130C:\Program Files (x86)\Windows Media Player\wmplayer.exef94c3ef9-0f15-11e4-b723-ec4bcb551f63

Error: (07/13/2014 10:31:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (07/12/2014 02:55:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (07/10/2014 02:09:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (07/08/2014 09:03:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe


==================== Memory info =========================== 

Percentage of memory in use: 60%
Total physical RAM: 2047.3 MB
Available physical RAM: 815.87 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 2201.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:368.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A940A940)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 25.07.2014, 16:08   #4
sunjojo
/// Malwareteam
 



Alles klar, dann machen wir mal so weiter:



Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).
Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on your desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.



Post the following log files in your next reply:
  • AdwCleaner.txt
  • Mbam.txt
  • FRST.txt
__________________
Regards,

Jonas

25.07.2014, 16:36   #5
PhiQu
 



so, first adw:

Code:
# AdwCleaner v3.216 - Bericht erstellt am 25/07/2014 um 15:15:02
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Philipp - PHILIPP-PC
# Gestartet von : C:\Users\Philipp\Downloads\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Philipp\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Fifth
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\SSync
Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\searchplugins\search.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Fifth
Datei Gelöscht : C:\Windows\System32\Tasks\OMESupervisor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://wisersearch.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://wisersearch.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=de_nt");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5209 octets] - [25/07/2014 15:10:12]
AdwCleaner[S0].txt - [4699 octets] - [25/07/2014 15:15:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4759 octets] ##########
         

and mbam:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 25.07.2014
Scan Time: 14:06:47
Logfile: mbam.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.07.25.02
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Philipp

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325972
Time Elapsed: 38 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [15a1bee5a1dabc7ac92d015a5da5768a], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8DAA9564-C7BF-43E1-ADB9-17B44DA980A6}, Quarantined, [15a1bee5a1dabc7ac92d015a5da5768a], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B47A69DE-9B38-4EC0-996E-99F90C0F8CA5}, Quarantined, [15a1bee5a1dabc7ac92d015a5da5768a], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B47A69DE-9B38-4EC0-996E-99F90C0F8CA5}, Quarantined, [15a1bee5a1dabc7ac92d015a5da5768a], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [15a1bee5a1dabc7ac92d015a5da5768a], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Delete-on-Reboot, [15a1bee5a1dabc7ac92d015a5da5768a], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}, Quarantined, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\CLASSES\TYPELIB\{A1669086-99CD-4735-9B7D-BD0ED4EF4893}, Quarantined, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\CLASSES\INTERFACE\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}, Quarantined, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}, Quarantined, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A1669086-99CD-4735-9B7D-BD0ED4EF4893}, Quarantined, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{82B16A3D-F03E-4565-A532-666B219C9A53}, Quarantined, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OfferMosquito, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82B16A3D-F03E-4565-A532-666B219C9A53}, Delete-on-Reboot, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OfferMosquito, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82B16A3D-F03E-4565-A532-666B219C9A53}, Delete-on-Reboot, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Delete-on-Reboot, [52641a8998e31c1a30bd2a3035cde020], 
Trojan.Banker, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C689C99E-3A8C-4c87-A79C-C80DC9C81632}, Delete-on-Reboot, [ae08dbc8314adc5aeab595dfac5656aa], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, Delete-on-Reboot, [d0e66a39d0abf73fb7b79c3d7e84fe02], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Delete-on-Reboot, [595d3a697209e74ff90425bb91718080], 

Registry Values: 1
PUP.Optional.DataMgr.A, HKU\S-1-5-21-86684829-2595615720-3932305003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Users\Philipp\AppData\Roaming\DataMgr\DataMgr.exe", Delete-on-Reboot, [eec8772cee8dcd695cd88f9b1ee6c739]

Registry Data: 1
Hijack.UserInit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, userinit.exeC:\Users\Philipp\AppData\Roaming\appconf32.exe,, Good: (userinit.exe), Bad: (userinit.exeC:\Users\Philipp\AppData\Roaming\appconf32.exe,),Replaced,[793d891a48339c9aed83cce3040014ec]

Folders: 14
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy, Quarantined, [04b2198a84f78fa703778621a9594bb5], 
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\355B506BF614408DA51F133FC6889774, Quarantined, [04b2198a84f78fa703778621a9594bb5], 
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\419525A857F34EC595BC8A250B5AB8DB, Quarantined, [04b2198a84f78fa703778621a9594bb5], 
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\94DA95EA04E5492FA2524AE79BD4631D, Quarantined, [04b2198a84f78fa703778621a9594bb5], 
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\E341D6E234354D9DADC031AE32D148AF, Quarantined, [04b2198a84f78fa703778621a9594bb5], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Temp\mt_ffx\Softonic, Quarantined, [189eefb4601b3501837b9e10fe0418e8], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Temp\mt_ffx\Softonic\Softonic, Quarantined, [189eefb4601b3501837b9e10fe0418e8], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14, Quarantined, [189eefb4601b3501837b9e10fe0418e8], 
PUP.Optional.SimpleNewTab.A, C:\Users\Philipp\AppData\Local\simple_new_tab, Quarantined, [cfe75c47aad16bcb8d1673431de55fa1], 
PUP.Optional.SimpleNewTab.A, C:\Users\Philipp\AppData\Local\simple_new_tab\htmls, Quarantined, [cfe75c47aad16bcb8d1673431de55fa1], 
PUP.Optional.OfferMosquito.A, C:\Users\Philipp\AppData\Roaming\OfferMosquito, Quarantined, [c6f0e9bab6c56bcb2d770ea83ec4cc34], 
PUP.Optional.OfferMosquito.A, C:\Users\Philipp\AppData\Local\ext_offermosquito, Quarantined, [15a162419fdc8caab4f1882ebd4546ba], 

Files: 34
PUP.Optional.SimpleNewTab.A, C:\Users\Philipp\AppData\Local\simple_new_tab\simple_new_tab.dll, Quarantined, [15a1bee5a1dabc7ac92d015a5da5768a], 
PUP.Optional.OfferMosquito, C:\Users\Philipp\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll, Quarantined, [c7efb2f1c9b2da5c47a15a0600027789], 
PUP.Optional.OpenCandy.A, C:\Users\Philipp\AppData\Roaming\OpenCandy\355B506BF614408DA51F133FC6889774\Softonic_chr_p1v6.exe, Quarantined, [486ea201097280b6a5b7910560a4ef11], 
PUP.Optional.Conduit.A, C:\Users\Philipp\AppData\Roaming\OpenCandy\E341D6E234354D9DADC031AE32D148AF\sp-downloader.exe, Quarantined, [cde96340fc7f9a9c0b2aff269d646f91], 
PUP.Optional.SearchProtect.A, C:\Users\Philipp\AppData\Local\Temp\nsm6C0A.exe, Quarantined, [7d394f54e992cb6b2ddc59d9956ca25e], 
PUP.Optional.SearchProtect.A, C:\Users\Philipp\AppData\Local\Temp\nsmA999.exe, Quarantined, [e9cd9b087407d85e7a8fc86a51b07c84], 
PUP.Optional.SearchProtect.A, C:\Users\Philipp\AppData\Local\Temp\nswA3BE.exe, Quarantined, [496de7bc84f7b1857c8d171b9071639d], 
PUP.Optional.SearchProtect.A, C:\Users\Philipp\AppData\Local\Temp\nszDD91.exe, Quarantined, [8531d4cf18630c2ae62360d2ff0205fb], 
PUP.Optional.SearchProtect.A, C:\Users\Philipp\AppData\Local\Temp\nsg7203.exe, Quarantined, [4e68099aea91b58169a07db53dc4db25], 
PUP.Optional.OfferMosquito.A, C:\Users\Philipp\AppData\Local\omesuperv.exe, Quarantined, [50665e45a2d9ba7c2949cd51e020cf31], 
PUP.Optional.OfferMosquito.A, C:\Users\Philipp\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll, Quarantined, [c2f4faa9cbb0f541423017070cf4ec14], 
PUP.Optional.OfferMosquito.A, C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\extensions\om@offermosquito.com.xpi, Quarantined, [a2146340b8c36acca5cc0dcc7c8631cf], 
PUP.Optional.Conduit.A, C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\searchplugins\conduit-search.xml, Quarantined, [dfd7535087f4b185dbf2ec3b61a3768a], 
PUP.Optional.DataMgr.A, C:\Users\Philipp\AppData\Roaming\DataMgr\DataMgr.exe, Quarantined, [eec8772cee8dcd695cd88f9b1ee6c739], 
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\419525A857F34EC595BC8A250B5AB8DB\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe, Quarantined, [04b2198a84f78fa703778621a9594bb5], 
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\94DA95EA04E5492FA2524AE79BD4631D\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, Quarantined, [04b2198a84f78fa703778621a9594bb5], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\appCntrl.js, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.html, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.js, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\chMntz.dll, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ct.js, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CTB.dll, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\dpk.js, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.htm, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.js, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\json2.min.js, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\logo.png, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\manifest.json, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\pref.json, Quarantined, [7343089b2b50bf778f6d8826e121916f], 
PUP.Optional.Softonic.A, C:\Users\Philipp\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14\softonic.xpi, Quarantined, [189eefb4601b3501837b9e10fe0418e8], 
PUP.Optional.SimpleNewTab.A, C:\Users\Philipp\AppData\Local\simple_new_tab\htmls\index.html, Quarantined, [cfe75c47aad16bcb8d1673431de55fa1], 
PUP.Optional.OfferMosquito.A, C:\Users\Philipp\AppData\Local\ext_offermosquito\atl100.dll, Quarantined, [15a162419fdc8caab4f1882ebd4546ba], 
PUP.Optional.OfferMosquito.A, C:\Users\Philipp\AppData\Local\ext_offermosquito\msvcr100d.dll, Quarantined, [15a162419fdc8caab4f1882ebd4546ba], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

and frst again:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Philipp (administrator) on PHILIPP-PC on 25-07-2014 16:30:45
Running from C:\Users\Philipp\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-01-12] (RealNetworks, Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit.exeC:\Users\Philipp\AppData\Roaming\appconf32.exe, [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent 
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [TBPanel] => C:\Program Files (x86)\Vtune\TBPanel.exe [2240512 2011-03-11] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [Sixth] => C:\Users\Philipp\AppData\Roaming\Sixth\Sixth.exe [63625 2014-07-19] ()
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6066F458BE00CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {A4827E58-C93E-4F08-9F6C-BB5D1A81F789} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=30335ed800000000000000c0ca660cb0&r=546
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Philipp\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\Extensions\abs@avira.com [2014-07-03]
FF Extension: Simple New Tab - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\y3zqodpt.default-1388877656198\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Philipp\AppData\Roaming\5053
FF Extension: Java String Helper - C:\Users\Philipp\AppData\Roaming\5053 [2011-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-12]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Philipp\AppData\Roaming\5053
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-12-16] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Realtek11nCU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-19] () [File not signed]
S3 TBPanel; No ImagePath
U3 aipioepf; C:\Windows\System32\Drivers\aipioepf.sys [0 ] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 15:28 - 2014-07-25 15:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-25 15:27 - 2014-07-25 15:27 - 02347384 _____ (ESET) C:\Users\Philipp\Desktop\esetsmartinstaller_deu.exe
2014-07-25 15:18 - 2014-07-25 15:18 - 00004899 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt
2014-07-25 15:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-25 15:10 - 2014-07-25 15:15 - 00000000 ____D () C:\AdwCleaner
2014-07-25 15:08 - 2014-07-25 15:08 - 00013004 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-07-25 14:08 - 2014-07-25 16:30 - 00020079 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-07-25 14:08 - 2014-07-25 14:08 - 00042111 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-07-25 14:07 - 2014-07-25 14:07 - 01354223 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.216.exe
2014-07-25 14:02 - 2014-07-25 15:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 13:55 - 2014-07-25 13:55 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-25 13:55 - 2014-07-25 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-25 13:54 - 2014-07-25 13:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-25 13:54 - 2014-07-25 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 13:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-25 13:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-25 13:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-25 13:46 - 2014-07-25 16:31 - 00000000 ____D () C:\FRST
2014-07-25 13:44 - 2014-07-25 13:45 - 02093568 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-07-23 18:16 - 2014-07-23 18:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Sixth
2014-07-10 14:42 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 14:42 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 14:42 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 14:42 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 14:42 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 14:42 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 14:42 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 14:42 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 14:42 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 14:42 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 14:42 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 14:42 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 14:42 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 14:42 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 14:42 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 14:42 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 14:42 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 14:42 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 14:41 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 14:41 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 14:41 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 14:41 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 14:41 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 14:41 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 14:41 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 14:41 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 14:41 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 14:41 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 14:41 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 14:41 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 14:41 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 14:41 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 14:41 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 14:41 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 14:41 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 14:41 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 14:41 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 14:41 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 14:41 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 14:41 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 14:41 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 14:41 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 14:41 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 14:41 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 14:41 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 14:41 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 14:41 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 14:41 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 14:41 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 14:41 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 14:41 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 14:41 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 14:41 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 14:41 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 14:41 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 14:41 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 14:41 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 14:41 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 14:33 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 14:33 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 14:33 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 14:32 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 14:32 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 14:32 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 14:20 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 14:20 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 14:19 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 14:19 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 14:19 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 10:49 - 2014-07-08 10:50 - 10754044 _____ () C:\Users\Philipp\Downloads\TNT - First Match 2011 (Album Mix) (HQ HD)(3D)(360p_H.264-AAC).mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 16:34 - 2014-07-25 14:08 - 00020079 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-07-25 16:31 - 2014-07-25 13:46 - 00000000 ____D () C:\FRST
2014-07-25 16:01 - 2012-04-26 19:23 - 00000260 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-07-25 15:53 - 2014-01-26 21:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 15:28 - 2014-07-25 15:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-25 15:27 - 2014-07-25 15:27 - 02347384 _____ (ESET) C:\Users\Philipp\Desktop\esetsmartinstaller_deu.exe
2014-07-25 15:22 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 15:22 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 15:18 - 2014-07-25 15:18 - 00004899 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt
2014-07-25 15:17 - 2014-05-07 20:58 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-07-25 15:17 - 2014-01-26 21:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 15:17 - 2014-01-12 21:11 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-07-25 15:17 - 2012-12-24 14:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-25 15:17 - 2010-12-18 20:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-25 15:17 - 2010-12-18 20:10 - 00371886 _____ () C:\Windows\PFRO.log
2014-07-25 15:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 15:17 - 2009-07-14 06:51 - 00138462 _____ () C:\Windows\setupact.log
2014-07-25 15:16 - 2010-12-18 18:23 - 01319367 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 15:15 - 2014-07-25 15:10 - 00000000 ____D () C:\AdwCleaner
2014-07-25 15:08 - 2014-07-25 15:08 - 00013004 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-07-25 15:00 - 2014-07-25 14:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 14:08 - 2014-07-25 14:08 - 00042111 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-07-25 14:07 - 2014-07-25 14:07 - 01354223 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.216.exe
2014-07-25 13:55 - 2014-07-25 13:55 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-25 13:55 - 2014-07-25 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-25 13:55 - 2014-07-25 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-25 13:54 - 2014-07-25 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 13:45 - 2014-07-25 13:44 - 02093568 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-07-25 13:10 - 2012-05-12 21:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:10 - 2012-05-12 21:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 21:51 - 2012-05-12 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 21:14 - 2010-12-18 19:43 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-07-24 21:06 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat
2014-07-24 21:06 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat
2014-07-24 21:06 - 2009-07-14 07:13 - 01658844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 18:16 - 2014-07-23 18:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Sixth
2014-07-11 13:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 11:27 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 11:24 - 2014-05-06 21:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 11:24 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 11:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 22:18 - 2010-12-19 16:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 22:17 - 2013-07-24 22:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 22:13 - 2009-10-14 07:12 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 13:26 - 2013-07-02 19:24 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 11:10 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-08 10:50 - 2014-07-08 10:49 - 10754044 _____ () C:\Users\Philipp\Downloads\TNT - First Match 2011 (Album Mix) (HQ HD)(3D)(360p_H.264-AAC).mp4
2014-07-07 23:48 - 2010-12-19 16:19 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc
2014-07-02 12:30 - 2014-01-12 21:05 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-07-02 12:30 - 2014-01-12 21:05 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-86684829-2595615720-3932305003-1001
2014-06-30 04:09 - 2014-07-10 14:20 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-10 14:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 11:11

==================== End Of Log ============================
         
--- --- ---


Alt 26.07.2014, 13:45   #6
sunjojo
/// Malwareteam
 



All right:



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKLM-x32\...\Winlogon: [Userinit] userinit.exeC:\Users\Philipp\AppData\Roaming\appconf32.exe, [X]
C:\Users\Philipp\AppData\Roaming\appconf32.exe
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [Sixth] => C:\Users\Philipp\AppData\Roaming\Sixth\Sixth.exe [63625 2014-07-19] ()
C:\Users\Philipp\AppData\Roaming\Sixth
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {A4827E58-C93E-4F08-9F6C-BB5D1A81F789} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=30335ed800000000000000c0ca660cb0&r=546
FF HKLM-x32\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Philipp\AppData\Roaming\5053
FF Extension: Java String Helper - C:\Users\Philipp\AppData\Roaming\5053 [2011-12-07]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Philipp\AppData\Roaming\5053
C:\Users\Philipp\AppData\Roaming\5053
Reboot:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner is available here
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

I strongly recommend that you change all your passwords (including online banking), because you had malware on the computer that captures passwords.



Post the following log files in your next reply:
  • Fixlog.txt
  • log.txt
  • FRST.txt
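The registry entries in the fixlist above share one pattern: an autostart or extension entry that points into the user's AppData folder, plus a Winlogon Userinit value that names a second executable next to userinit.exe. The following triage sketch is an added example (not part of the original post and not FRST's own logic); the last sample line is constructed for contrast, and the reason labels and the list of user-writable directories are assumptions.

```python
import re

# First three lines are copied from the fixlist above; the last line is a
# constructed benign entry added for contrast.
SAMPLE = r"""HKLM-x32\...\Winlogon: [Userinit] userinit.exeC:\Users\Philipp\AppData\Roaming\appconf32.exe, [X]
HKU\S-1-5-21-86684829-2595615720-3932305003-1001\...\Run: [Sixth] => C:\Users\Philipp\AppData\Roaming\Sixth\Sixth.exe [63625 2014-07-19] ()
FF HKLM-x32\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Philipp\AppData\Roaming\5053
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [1024 2014-01-01] (Example Corp)"""

# "<hive>\...\<key>: [<value name>] <data>", optionally prefixed with "FF ".
ENTRY = re.compile(
    r"^(?:FF )?(?P<hive>HK[A-Z]+(?:-x32)?)\\.*?\\(?P<key>[^\\:]+): "
    r"\[(?P<name>[^\]]+)\] (?:=> |- )?(?P<data>.*)$"
)
EXE_PATH = re.compile(r"[A-Za-z]:\\[^,\[\]]*?\.exe", re.I)
AUTOSTART_KEYS = {"run", "runonce", "winlogon", "extensions"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")  # assumed list
DEFAULT_USERINIT = "c:\\windows\\system32\\userinit.exe"  # Windows default target


def triage(log_text):
    """Return (key, value name, reasons) for each suspicious autostart line."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["key"].lower() not in AUTOSTART_KEYS:
            continue
        data, reasons = m["data"], []
        if m["name"].lower() == "userinit":
            # Userinit should launch only userinit.exe; any other absolute
            # executable path in the value runs at every logon.
            extra = [p for p in EXE_PATH.findall(data)
                     if p.lower() != DEFAULT_USERINIT]
            if extra:
                reasons.append("userinit-extra-binary")
        if any(d in data.lower() for d in USER_WRITABLE):
            reasons.append("user-writable-target")
        if reasons:
            findings.append((m["key"], m["name"], reasons))
    return findings


if __name__ == "__main__":
    for key, name, reasons in triage(SAMPLE):
        print(f"{key:<11} {name:<40} {', '.join(reasons)}")
```
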
