
All about Windows: TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe

04.08.2014, 11:11   #1
Conny 12
 



Hello dear people,
my virus scanner has found this Trojan.
What do I have to do to make it disappear?
I have Windows 8.

Best regards

04.08.2014, 11:12   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find evidence of illegally obtained software, we will suspend support until all illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop working and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).

Thank you for your cooperation!





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the web page)


04.08.2014, 15:13   #3
Conny 12
 



Hello Matthias, thank you very much for your quick help.
I immediately downloaded this FRST 64 and it says there:
Scan completed. The FRST. txt is saved in the Same location FRST
Tool is run

Regards, Conny

Code:
  
Ran by contesssa at 2014-08-04 15:24:44
Running from C:\Users\contesssa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar Engine (HKCU\...\{f6f7e3e1-d1e6-4adc-b2c8-4f9946a84573}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {016ACFEA-DA8C-4876-8FC2-9C805E17B27A} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {028F7BA2-6F53-4A86-973A-B72EBE6D73A6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11713C7D-CDD5-4ED6-A865-89685117D6DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {15CFED45-5261-4590-A96F-47EBB8A1961D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {252B4049-B651-413C-BA1A-8ED507AC2CF1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-14] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C2A7A0-4892-4BD0-AD93-4A752D1796A5} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-05-02] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41B089C1-D45B-41BD-A1C7-B07E874EF3EE} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-05-02] ()
Task: {426DCB08-A02B-4FB9-946D-BC7C67582C9F} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4ADE1941-F662-4498-8972-B198A70241BF} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-05-02] ()
Task: {56D08866-7230-4027-8156-E5E5D4769F62} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {578DA71D-4792-49E5-A998-82BD10017897} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {60493F07-B1C4-41E4-A8EC-C27F39C6D080} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {6A22210D-76C7-4A29-AFE1-B08943249160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75F8F903-08EB-4B44-9085-24A60DBAD7E0} - \BlockAndSurf_wd No Task File <==== ATTENTION
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EEFEB6A-289F-4D4E-9025-A535969B0364} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BBE35F4-B154-44E9-8EE1-F97AA729CA0A} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {8C93EE21-3136-4695-881A-2F45783050C1} - System32\Tasks\SoftUpdateLogon => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {927CF79C-0219-4928-9A28-263935B64716} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1361BB9-0188-439D-9100-D20F39CDF21E} - System32\Tasks\SoftUpdateDaily => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {A56F93A8-C213-4A7D-90F0-3EE0E5551C59} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {A84F5E42-9540-465D-93A1-6F21C5426E8D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {AA05510B-0EE5-4260-9FB0-84CE84E4290A} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-05-02] ()
Task: {B379786F-D38D-47CD-AB65-82CA8CF66164} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B8A14DF3-0A9A-437A-B5D8-9D3CF10694E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {C4583446-F249-471E-B139-442A743C0538} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D97C9F57-3822-4C1D-9B29-ACDB7995D42B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 21:52 - 2014-04-25 21:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll
2013-07-23 14:55 - 2012-10-23 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-19 12:34 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 12:34 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 12:34 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 12:34 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 12:34 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\contesssa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "fst_de_99"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2014 09:53:27 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (08/04/2014 09:11:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Mein CEWE FOTOBUCH.exe, Version: 0.0.0.0, Zeitstempel: 0x5241e45f
Name des fehlerhaften Moduls: CWFoto0.dll, Version: 0.1.0.0, Zeitstempel: 0x5241dd36
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000285cb
ID des fehlerhaften Prozesses: 0xed8
Startzeit der fehlerhaften Anwendung: 0xMein CEWE FOTOBUCH.exe0
Pfad der fehlerhaften Anwendung: Mein CEWE FOTOBUCH.exe1
Pfad des fehlerhaften Moduls: Mein CEWE FOTOBUCH.exe2
Berichtskennung: Mein CEWE FOTOBUCH.exe3
Vollständiger Name des fehlerhaften Pakets: Mein CEWE FOTOBUCH.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Mein CEWE FOTOBUCH.exe5

Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13625

Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13625

Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59109

Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59109

Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13859

Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13859


System errors:
=============
Error: (08/04/2014 10:48:47 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:48:11 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:47:58 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:47:21 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (08/04/2014 09:53:27 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (08/04/2014 09:11:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mein CEWE FOTOBUCH.exe0.0.0.05241e45fCWFoto0.dll0.1.0.05241dd36c0000005000285cbed801cfafb333e7c78aC:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exeC:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CWFoto0.dll83f3169c-1ba6-11e4-bea7-50af735ae431

Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13625

Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13625

Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59109

Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59109

Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13859

Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13859


CodeIntegrity Errors:
===================================
  Date: 2014-07-20 13:18:25.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.

  Date: 2014-07-20 13:18:12.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.

  Date: 2014-02-25 21:57:06.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-02-25 21:57:06.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-03 01:10:55.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-03 00:59:03.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 09:18:13.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 08:44:57.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 08:38:59.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 01:14:32.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3975.27 MB
Available physical RAM: 2291.64 MB
Total Pagefile: 8071.27 MB
Available Pagefile: 6205.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.23 GB) (Free:370.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3FD8BFE0)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Now I have understood it ....
__________________

05.08.2014, 08:41   #4
M-K-D-B
/// TB Trainer
 



Hi,


FRST.txt is still missing, please post it.
__________________
offline: 12.08. to 02.09.


06.08.2014, 07:42   #5
Conny 12
 



Good morning :)
Code:
           
Ran by contesssa (administrator) on CONNY on 06-08-2014 08:34:53
Running from C:\Users\contesssa\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50714;https=127.0.0.1:50714
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {B8685F37-302D-4748-8F8A-0CC05A05EA7B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL: 
CHR Extension: (Avira Sparberater) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-02] (LENOVO INCORPORATED.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-24] (Intel(R) Corporation) [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-09] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64; C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys [61120 2014-07-03] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:24 - 2014-08-04 15:25 - 00025131 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-04 15:23 - 2014-08-06 08:35 - 00015909 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-04 15:19 - 2014-08-06 08:34 - 00000000 ____D () C:\FRST
2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-04 14:56 - 2014-08-04 15:20 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe
2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe
2014-08-04 10:23 - 2014-08-06 08:32 - 00102853 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 11:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Local_Weather_LLC
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-21 10:29 - 2014-07-21 10:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-16 23:00 - 2014-07-03 16:22 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys
2014-07-15 00:37 - 2014-07-19 13:00 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-14 21:08 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 09:31 - 2014-07-10 09:35 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo
2014-07-10 09:07 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 09:07 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 09:07 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 09:07 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 09:07 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 09:07 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 09:07 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 09:07 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 09:07 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 09:07 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 09:07 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 09:07 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 09:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 09:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 09:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 09:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 09:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 09:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 09:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 09:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 09:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 09:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 09:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 09:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 09:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 09:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 09:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 09:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 09:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 09:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 09:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 09:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 09:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 09:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 09:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 09:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 09:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 09:06 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 09:06 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 09:06 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 09:06 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 09:06 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 09:06 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 09:06 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 09:06 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 09:06 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 09:06 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 09:06 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 09:06 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 09:06 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 09:06 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 09:06 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 09:06 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 09:06 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 08:35 - 2014-08-04 15:23 - 00015909 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-06 08:34 - 2014-08-04 15:19 - 00000000 ____D () C:\FRST
2014-08-06 08:34 - 2013-10-18 00:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1714798670-2283502341-2433251003-1001
2014-08-06 08:33 - 2014-01-29 17:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85B33DF1-38E0-4A33-B992-7D2DC8C2FBAA}
2014-08-06 08:32 - 2014-08-04 10:23 - 00102853 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-06 08:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-06 08:30 - 2014-02-26 14:46 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 08:30 - 2014-02-26 14:46 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 08:30 - 2014-01-10 00:24 - 00000000 __RDO () C:\Users\contesssa\SkyDrive
2014-08-06 08:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:47 - 2014-02-26 14:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-04 15:25 - 2014-08-04 15:24 - 00025131 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-04 15:20 - 2014-08-04 14:56 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe
2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe
2014-08-04 11:40 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-04 10:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:40 - 2013-10-23 18:45 - 00000000 ____D () C:\Conny
2014-08-04 09:11 - 2013-10-26 15:04 - 00000000 ____D () C:\ProgramData\tmp
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-08-04 08:51 - 2014-01-09 23:17 - 00000000 ____D () C:\Users\contesssa
2014-08-03 11:50 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-03 11:50 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-03 11:50 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-23 21:30 - 2013-10-27 22:03 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Skype
2014-07-22 11:56 - 2014-03-13 21:38 - 00000182 _____ () C:\Users\contesssa\AppData\Local\RegisteredPackageInformation.xml
2014-07-22 11:52 - 2013-10-17 16:57 - 00000000 ___RD () C:\Users\contesssa\Desktop\Anwendungen
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-22 11:43 - 2013-10-27 21:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-22 11:27 - 2013-10-27 16:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-22 01:30 - 2013-10-27 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Local_Weather_LLC
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:41 - 2014-07-21 10:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-20 13:27 - 2014-04-14 14:56 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-07-19 13:00 - 2014-07-15 00:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 11:58 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-15 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 14:34 - 2014-03-17 13:28 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 00:37 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 00:30 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 21:19 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 21:17 - 2013-10-25 14:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-14 21:15 - 2013-10-25 14:05 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-14 21:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 10:02 - 2013-10-26 15:33 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nitro PDF
2014-07-10 09:35 - 2014-07-10 09:31 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo
2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 19:47 - 2014-02-26 14:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\contesssa\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-04 15:29

==================== End Of Log ============================
         


06.08.2014, 09:23   #6
M-K-D-B
/// TB Trainer



Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 3
  • Start FRST.exe again. Check the box next to Addition.txt and press Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

With your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the two new FRST log files.

07.08.2014, 15:13   #7
Conny 12

Hello Matthias,
I tried steps 1 & 2 but failed.
1 - I pressed Scan, it ran through,
and because of a problem it did not finish :-(
2 - I downloaded it = it said: not
enough system resources to run the service.
Then my AntiVir kicked in and there was a new virus
on it :-(

07.08.2014, 19:51   #8
M-K-D-B
/// TB-Ausbilder

Quote:
Originally posted by Conny 12
Hello Matthias,
I tried steps 1 & 2 but failed.
1 - I pressed Scan, it ran through,
and because of a problem it did not finish :-(
2 - I downloaded it = it said: not
enough system resources to run the service.
Then my AntiVir kicked in and there was a new virus
on it :-(

That's all well and good, but I need more precise information:

1)
Which problem appeared with AdwCleaner? What is the error message? What exactly happens?

2)
Where did Avira find which kind of malware? Post a report from Avira (it is saved automatically) with the name and path of the file.


  • Start FRST.exe again. Check the box next to Addition.txt and press Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.
__________________
offline: 12.08. to 02.09.

08.08.2014, 09:34   #9
Conny 12

Good morning Matthias
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 7. August 2014  13:57


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 8.1
Windowsversion : (plain)  [6.2.9200]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : CONNY

Versionsinformationen:
BUILD.DAT      : 14.0.6.552     92022 Bytes  23.07.2014 13:29:00
AVSCAN.EXE     : 14.0.6.548   1046608 Bytes  07.08.2014 09:58:58
AVSCANRC.DLL   : 14.0.6.522     62544 Bytes  07.08.2014 09:58:58
LUKE.DLL       : 14.0.6.522     57936 Bytes  07.08.2014 09:59:14
AVSCPLR.DLL    : 14.0.6.548     92752 Bytes  07.08.2014 09:58:59
AVREG.DLL      : 14.0.6.522    262224 Bytes  07.08.2014 09:58:57
avlode.dll     : 14.0.6.526    603728 Bytes  07.08.2014 09:58:56
avlode.rdf     : 14.0.4.42      65114 Bytes  19.07.2014 09:55:23
XBV00008.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:49
XBV00009.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:49
XBV00010.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:49
XBV00011.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:49
XBV00012.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00013.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00014.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00015.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00016.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00017.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00018.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00019.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00020.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00021.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00022.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00023.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00024.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00025.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00026.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00027.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00028.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00029.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00030.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00031.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:50
XBV00032.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00033.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00034.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00035.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00036.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00037.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00038.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00039.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00040.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00041.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 16:44:51
XBV00209.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:25
XBV00210.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:25
XBV00211.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:25
XBV00212.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:25
XBV00213.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:25
XBV00214.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:25
XBV00215.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:25
XBV00216.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00217.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00218.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00219.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00220.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00221.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00222.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00223.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00224.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00225.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00226.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00227.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00228.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00229.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00230.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:26
XBV00231.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00232.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00233.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00234.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00235.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00236.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00237.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00238.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00239.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00240.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00241.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00242.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00243.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00244.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00245.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00246.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00247.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00248.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00249.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00250.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00251.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00252.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00253.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00254.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:27
XBV00255.VDF   : 8.11.165.38     2048 Bytes  04.08.2014 09:59:28
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 10:00:51
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 10:00:51
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 10:00:51
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 10:00:51
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 10:00:51
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 10:00:51
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 07:46:22
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 15:26:20
XBV00042.VDF   : 8.11.153.142   710656 Bytes  06.06.2014 16:44:52
XBV00043.VDF   : 8.11.155.44  1013760 Bytes  16.06.2014 16:44:53
XBV00044.VDF   : 8.11.159.102  1662976 Bytes  08.07.2014 17:48:44
XBV00045.VDF   : 8.11.159.104    13824 Bytes  08.07.2014 17:48:44
XBV00046.VDF   : 8.11.159.108    13312 Bytes  08.07.2014 17:48:44
XBV00047.VDF   : 8.11.159.112    30720 Bytes  09.07.2014 17:48:44
XBV00048.VDF   : 8.11.159.114     6144 Bytes  09.07.2014 17:48:44
XBV00049.VDF   : 8.11.159.116    10240 Bytes  09.07.2014 17:48:44
XBV00050.VDF   : 8.11.159.118     5632 Bytes  09.07.2014 17:48:44
XBV00051.VDF   : 8.11.159.122     7168 Bytes  09.07.2014 17:48:44
XBV00052.VDF   : 8.11.159.126   180736 Bytes  09.07.2014 17:48:44
XBV00053.VDF   : 8.11.159.148   174080 Bytes  09.07.2014 07:03:00
XBV00054.VDF   : 8.11.159.168     2560 Bytes  09.07.2014 07:03:00
XBV00055.VDF   : 8.11.159.188    15360 Bytes  09.07.2014 07:03:00
XBV00056.VDF   : 8.11.159.210    25600 Bytes  09.07.2014 07:03:00
XBV00057.VDF   : 8.11.159.212     7168 Bytes  09.07.2014 07:03:00
XBV00058.VDF   : 8.11.159.218    27648 Bytes  10.07.2014 07:03:00
XBV00059.VDF   : 8.11.159.220     2048 Bytes  10.07.2014 07:03:00
XBV00060.VDF   : 8.11.159.222    29696 Bytes  10.07.2014 07:54:11
XBV00061.VDF   : 8.11.159.224   167936 Bytes  10.07.2014 07:54:11
XBV00062.VDF   : 8.11.159.226    35328 Bytes  10.07.2014 07:54:11
XBV00063.VDF   : 8.11.159.230   186368 Bytes  10.07.2014 07:54:11
XBV00064.VDF   : 8.11.159.250    16896 Bytes  10.07.2014 07:54:11
XBV00065.VDF   : 8.11.159.252     2048 Bytes  10.07.2014 07:54:11
XBV00066.VDF   : 8.11.160.16     6144 Bytes  10.07.2014 07:54:11
XBV00067.VDF   : 8.11.160.40    17408 Bytes  10.07.2014 07:54:11
XBV00068.VDF   : 8.11.160.42     2048 Bytes  11.07.2014 07:54:11
XBV00069.VDF   : 8.11.160.46   179200 Bytes  11.07.2014 07:54:11
XBV00070.VDF   : 8.11.160.48   203264 Bytes  11.07.2014 19:08:21
XBV00071.VDF   : 8.11.160.50     6144 Bytes  11.07.2014 19:08:25
XBV00072.VDF   : 8.11.160.52     2048 Bytes  11.07.2014 19:08:25
XBV00073.VDF   : 8.11.160.54     2048 Bytes  11.07.2014 19:08:25
XBV00074.VDF   : 8.11.160.58    22016 Bytes  11.07.2014 19:08:25
XBV00075.VDF   : 8.11.160.60     2048 Bytes  11.07.2014 19:08:25
XBV00076.VDF   : 8.11.160.62     8192 Bytes  11.07.2014 19:08:25
XBV00077.VDF   : 8.11.160.66   198656 Bytes  12.07.2014 19:08:26
XBV00078.VDF   : 8.11.160.68     7168 Bytes  12.07.2014 19:08:26
XBV00079.VDF   : 8.11.160.70    14848 Bytes  12.07.2014 19:08:26
XBV00080.VDF   : 8.11.160.72     7168 Bytes  12.07.2014 19:08:26
XBV00081.VDF   : 8.11.160.92    40448 Bytes  13.07.2014 19:08:28
XBV00082.VDF   : 8.11.160.112     2048 Bytes  13.07.2014 19:08:28
XBV00083.VDF   : 8.11.160.130   193024 Bytes  13.07.2014 19:08:28
XBV00084.VDF   : 8.11.160.132     2048 Bytes  13.07.2014 19:08:28
XBV00085.VDF   : 8.11.160.152    20480 Bytes  13.07.2014 19:08:28
XBV00086.VDF   : 8.11.160.154     2048 Bytes  13.07.2014 19:08:28
XBV00087.VDF   : 8.11.160.156    20992 Bytes  14.07.2014 19:08:28
XBV00088.VDF   : 8.11.160.158     2560 Bytes  14.07.2014 19:08:28
XBV00089.VDF   : 8.11.160.160    11264 Bytes  14.07.2014 19:08:28
XBV00090.VDF   : 8.11.160.162     2560 Bytes  14.07.2014 19:08:28
XBV00091.VDF   : 8.11.160.166    14336 Bytes  14.07.2014 19:08:28
XBV00092.VDF   : 8.11.160.168     5120 Bytes  14.07.2014 19:08:28
XBV00093.VDF   : 8.11.160.178     7168 Bytes  14.07.2014 19:08:28
XBV00094.VDF   : 8.11.160.180     2048 Bytes  14.07.2014 19:08:28
XBV00095.VDF   : 8.11.160.182     2048 Bytes  14.07.2014 19:08:28
XBV00096.VDF   : 8.11.160.188   256000 Bytes  14.07.2014 12:34:07
XBV00097.VDF   : 8.11.160.190     7680 Bytes  14.07.2014 12:34:07
XBV00098.VDF   : 8.11.160.194    18432 Bytes  15.07.2014 12:34:07
XBV00099.VDF   : 8.11.160.212   184832 Bytes  15.07.2014 12:34:07
XBV00100.VDF   : 8.11.160.230   289792 Bytes  15.07.2014 19:39:07
XBV00101.VDF   : 8.11.160.232     2048 Bytes  15.07.2014 19:39:07
XBV00102.VDF   : 8.11.160.234   176128 Bytes  15.07.2014 19:39:07
XBV00103.VDF   : 8.11.160.254    18432 Bytes  15.07.2014 19:39:07
XBV00104.VDF   : 8.11.161.16     6144 Bytes  16.07.2014 19:39:07
XBV00105.VDF   : 8.11.161.32     2048 Bytes  16.07.2014 19:39:07
XBV00106.VDF   : 8.11.161.34     2048 Bytes  16.07.2014 19:39:07
XBV00107.VDF   : 8.11.161.52    26624 Bytes  16.07.2014 19:39:07
XBV00108.VDF   : 8.11.161.68   184832 Bytes  16.07.2014 19:39:07
XBV00109.VDF   : 8.11.161.84     2048 Bytes  16.07.2014 19:39:08
XBV00110.VDF   : 8.11.162.2      2560 Bytes  16.07.2014 19:39:08
XBV00111.VDF   : 8.11.162.6     16896 Bytes  16.07.2014 09:55:23
XBV00112.VDF   : 8.11.162.8     24064 Bytes  16.07.2014 09:55:24
XBV00113.VDF   : 8.11.162.10     2560 Bytes  16.07.2014 09:55:24
XBV00114.VDF   : 8.11.162.14    41472 Bytes  17.07.2014 09:55:24
XBV00115.VDF   : 8.11.162.16     2048 Bytes  17.07.2014 09:55:24
XBV00116.VDF   : 8.11.162.18   215040 Bytes  17.07.2014 09:55:24
XBV00117.VDF   : 8.11.162.22   184320 Bytes  17.07.2014 09:55:24
XBV00118.VDF   : 8.11.162.40   258048 Bytes  17.07.2014 09:55:24
XBV00119.VDF   : 8.11.162.42     3584 Bytes  17.07.2014 09:55:24
XBV00120.VDF   : 8.11.162.58     3072 Bytes  17.07.2014 09:55:24
XBV00121.VDF   : 8.11.162.78     2048 Bytes  17.07.2014 09:55:24
XBV00122.VDF   : 8.11.162.94     2048 Bytes  17.07.2014 09:55:25
XBV00123.VDF   : 8.11.162.110    35840 Bytes  17.07.2014 09:55:25
XBV00124.VDF   : 8.11.162.112     2048 Bytes  18.07.2014 09:55:25
XBV00125.VDF   : 8.11.162.130    23040 Bytes  18.07.2014 09:55:25
XBV00126.VDF   : 8.11.162.134   184320 Bytes  18.07.2014 09:55:25
XBV00127.VDF   : 8.11.162.136     2048 Bytes  18.07.2014 09:55:25
XBV00128.VDF   : 8.11.162.152   231424 Bytes  18.07.2014 09:55:25
XBV00129.VDF   : 8.11.162.154     2048 Bytes  18.07.2014 09:55:25
XBV00130.VDF   : 8.11.162.170   108032 Bytes  18.07.2014 09:55:25
XBV00131.VDF   : 8.11.162.172     9728 Bytes  18.07.2014 09:55:25
XBV00132.VDF   : 8.11.162.174     2048 Bytes  18.07.2014 09:55:25
XBV00133.VDF   : 8.11.162.188    20992 Bytes  18.07.2014 09:55:25
XBV00134.VDF   : 8.11.162.192     2048 Bytes  18.07.2014 09:55:25
XBV00135.VDF   : 8.11.162.194     2048 Bytes  18.07.2014 09:55:25
XBV00136.VDF   : 8.11.162.200    19968 Bytes  18.07.2014 09:55:26
XBV00137.VDF   : 8.11.162.204     2048 Bytes  18.07.2014 09:55:26
XBV00138.VDF   : 8.11.162.212     2048 Bytes  18.07.2014 09:55:26
XBV00139.VDF   : 8.11.162.228   227840 Bytes  19.07.2014 11:14:26
XBV00140.VDF   : 8.11.162.244     2048 Bytes  19.07.2014 11:14:26
XBV00141.VDF   : 8.11.163.2     31232 Bytes  19.07.2014 11:14:26
XBV00142.VDF   : 8.11.163.16    62464 Bytes  20.07.2014 11:14:26
XBV00143.VDF   : 8.11.163.20   202752 Bytes  20.07.2014 21:56:27
XBV00144.VDF   : 8.11.163.22     2048 Bytes  20.07.2014 21:56:27
XBV00145.VDF   : 8.11.163.26    50176 Bytes  21.07.2014 08:08:09
XBV00146.VDF   : 8.11.163.28    23040 Bytes  21.07.2014 08:08:09
XBV00147.VDF   : 8.11.163.42     6144 Bytes  21.07.2014 08:08:09
XBV00148.VDF   : 8.11.163.44     2560 Bytes  21.07.2014 08:08:09
XBV00149.VDF   : 8.11.163.56     5120 Bytes  21.07.2014 22:46:28
XBV00150.VDF   : 8.11.163.68     8192 Bytes  21.07.2014 22:46:29
XBV00151.VDF   : 8.11.163.74   213504 Bytes  21.07.2014 22:46:29
XBV00152.VDF   : 8.11.163.78    22528 Bytes  22.07.2014 06:44:51
XBV00153.VDF   : 8.11.163.82     2560 Bytes  22.07.2014 06:44:51
XBV00154.VDF   : 8.11.163.84   181248 Bytes  22.07.2014 06:44:52
XBV00155.VDF   : 8.11.163.86     9728 Bytes  22.07.2014 19:32:38
XBV00156.VDF   : 8.11.163.92     2560 Bytes  22.07.2014 19:32:38
XBV00157.VDF   : 8.11.163.98   230400 Bytes  22.07.2014 19:32:38
XBV00158.VDF   : 8.11.163.100     2048 Bytes  22.07.2014 19:32:38
XBV00159.VDF   : 8.11.163.102     2048 Bytes  22.07.2014 19:32:38
XBV00160.VDF   : 8.11.163.108    22528 Bytes  22.07.2014 19:32:38
XBV00161.VDF   : 8.11.163.112    17920 Bytes  22.07.2014 19:32:38
XBV00162.VDF   : 8.11.163.116     2048 Bytes  23.07.2014 19:32:38
XBV00163.VDF   : 8.11.163.130   194048 Bytes  23.07.2014 19:32:38
XBV00164.VDF   : 8.11.163.142    20992 Bytes  23.07.2014 19:32:38
XBV00165.VDF   : 8.11.163.154    11776 Bytes  23.07.2014 19:32:38
XBV00166.VDF   : 8.11.163.158    17920 Bytes  23.07.2014 19:32:38
XBV00167.VDF   : 8.11.163.164     2048 Bytes  23.07.2014 19:32:38
XBV00168.VDF   : 8.11.163.170    14848 Bytes  23.07.2014 19:10:41
XBV00169.VDF   : 8.11.163.174   193024 Bytes  23.07.2014 19:10:41
XBV00170.VDF   : 8.11.163.176     3072 Bytes  23.07.2014 19:10:41
XBV00171.VDF   : 8.11.163.178     3072 Bytes  23.07.2014 19:10:41
XBV00172.VDF   : 8.11.163.184   199168 Bytes  24.07.2014 19:10:42
XBV00173.VDF   : 8.11.163.186   421376 Bytes  24.07.2014 19:10:42
XBV00174.VDF   : 8.11.163.198     2048 Bytes  24.07.2014 19:10:42
XBV00175.VDF   : 8.11.163.200     2048 Bytes  24.07.2014 19:10:42
XBV00176.VDF   : 8.11.163.212   212992 Bytes  24.07.2014 19:10:42
XBV00177.VDF   : 8.11.163.222    34816 Bytes  24.07.2014 18:23:28
XBV00178.VDF   : 8.11.163.226     2048 Bytes  24.07.2014 18:23:28
XBV00179.VDF   : 8.11.163.230    21504 Bytes  24.07.2014 18:23:28
XBV00180.VDF   : 8.11.165.38   819200 Bytes  04.08.2014 09:59:22
XBV00181.VDF   : 8.11.165.40   214528 Bytes  04.08.2014 09:59:22
XBV00182.VDF   : 8.11.165.42     2048 Bytes  04.08.2014 09:59:22
XBV00183.VDF   : 8.11.165.44    11776 Bytes  04.08.2014 09:59:22
XBV00184.VDF   : 8.11.165.48   202752 Bytes  04.08.2014 09:59:23
XBV00185.VDF   : 8.11.165.50     2048 Bytes  05.08.2014 09:59:23
XBV00186.VDF   : 8.11.165.54     7680 Bytes  05.08.2014 09:59:23
XBV00187.VDF   : 8.11.165.58     2048 Bytes  05.08.2014 09:59:23
XBV00188.VDF   : 8.11.165.60   201728 Bytes  05.08.2014 09:59:23
XBV00189.VDF   : 8.11.165.62     9216 Bytes  05.08.2014 09:59:23
XBV00190.VDF   : 8.11.165.64     2048 Bytes  05.08.2014 09:59:23
XBV00191.VDF   : 8.11.165.66     2048 Bytes  05.08.2014 09:59:23
XBV00192.VDF   : 8.11.165.68     2048 Bytes  05.08.2014 09:59:23
XBV00193.VDF   : 8.11.165.70   253952 Bytes  05.08.2014 09:59:24
XBV00194.VDF   : 8.11.165.82   236544 Bytes  05.08.2014 09:59:24
XBV00195.VDF   : 8.11.165.88     2048 Bytes  05.08.2014 09:59:24
XBV00196.VDF   : 8.11.165.94    17408 Bytes  05.08.2014 09:59:24
XBV00197.VDF   : 8.11.165.100     2048 Bytes  05.08.2014 09:59:24
XBV00198.VDF   : 8.11.165.118    13824 Bytes  06.08.2014 09:59:24
XBV00199.VDF   : 8.11.165.122    15360 Bytes  06.08.2014 09:59:24
XBV00200.VDF   : 8.11.165.124     2048 Bytes  06.08.2014 09:59:24
XBV00201.VDF   : 8.11.165.128   227840 Bytes  06.08.2014 09:59:25
XBV00202.VDF   : 8.11.165.130     2048 Bytes  06.08.2014 09:59:25
XBV00203.VDF   : 8.11.165.132     2048 Bytes  06.08.2014 09:59:25
XBV00204.VDF   : 8.11.165.136    52224 Bytes  06.08.2014 09:59:25
XBV00205.VDF   : 8.11.165.138   206848 Bytes  06.08.2014 09:59:25
XBV00206.VDF   : 8.11.165.146    12800 Bytes  06.08.2014 09:59:25
XBV00207.VDF   : 8.11.165.150     6656 Bytes  06.08.2014 09:59:25
XBV00208.VDF   : 8.11.165.156    15872 Bytes  07.08.2014 09:59:25
LOCAL000.VDF   : 8.11.165.156 109762560 Bytes  07.08.2014 10:00:14
Engineversion  : 8.3.24.2  
AEVDF.DLL      : 8.3.1.0       133992 Bytes  01.08.2014 18:23:28
AESCRIPT.DLL   : 8.2.0.14      428032 Bytes  01.08.2014 18:23:27
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 22:46:28
AESBX.DLL      : 8.2.20.24    1409224 Bytes  11.05.2014 18:16:59
AERDL.DLL      : 8.2.0.138     704888 Bytes  14.02.2014 10:00:46
AEPACK.DLL     : 8.4.0.46      786632 Bytes  01.08.2014 18:23:27
AEOFFICE.DLL   : 8.3.0.16      213192 Bytes  01.08.2014 18:23:27
AEHEUR.DLL     : 8.1.4.1198   7338864 Bytes  01.08.2014 18:23:26
AEHELP.DLL     : 8.3.1.0       278728 Bytes  29.05.2014 07:35:44
AEGEN.DLL      : 8.1.7.28      450752 Bytes  06.06.2014 18:02:09
AEEXP.DLL      : 8.4.2.22      244584 Bytes  01.08.2014 18:23:28
AEEMU.DLL      : 8.1.3.2       393587 Bytes  14.02.2014 10:00:46
AEDROID.DLL    : 8.4.2.24      442568 Bytes  06.06.2014 18:02:11
AECORE.DLL     : 8.3.2.2       241864 Bytes  21.07.2014 22:46:26
AEBB.DLL       : 8.1.1.4        53619 Bytes  14.02.2014 10:00:46
AVWINLL.DLL    : 14.0.6.522     24144 Bytes  07.08.2014 09:58:54
AVPREF.DLL     : 14.0.6.522     50256 Bytes  07.08.2014 09:58:57
AVREP.DLL      : 14.0.6.522    219216 Bytes  07.08.2014 09:58:57
AVARKT.DLL     : 14.0.5.368    226384 Bytes  24.06.2014 11:19:10
AVEVTLOG.DLL   : 14.0.6.522    182352 Bytes  07.08.2014 09:58:56
SQLITE3.DLL    : 14.0.6.522    452176 Bytes  07.08.2014 09:59:19
AVSMTP.DLL     : 14.0.6.522     76368 Bytes  07.08.2014 09:58:59
NETNT.DLL      : 14.0.6.522     13392 Bytes  07.08.2014 09:59:14
RCIMAGE.DLL    : 14.0.6.544   4863568 Bytes  07.08.2014 09:58:54
RCTEXT.DLL     : 14.0.6.536     74320 Bytes  07.08.2014 09:58:54

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_53e3675c\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Donnerstag, 7. August 2014  13:57

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '182' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SystemAgentService.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService8x64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ath_CoexAgent.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '214' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICCProxy.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SettingSyncHost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TiWorker.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\contesssa\Downloads\malwarebytes-anti-malware_setup.exe'
C:\Users\contesssa\Downloads\malwarebytes-anti-malware_setup.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5184fafb.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 7. August 2014  13:57
Benötigte Zeit: 00:09 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    875 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    874 Dateien ohne Befall
      1 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise

With AdwCleaner, this appears: aut2exe has stopped working. The program is being closed!

Code:
  Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by contesssa at 2014-08-08 10:29:49
Running from C:\Users\contesssa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar Engine (HKCU\...\{f6f7e3e1-d1e6-4adc-b2c8-4f9946a84573}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-08-2014 13:29:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {028F7BA2-6F53-4A86-973A-B72EBE6D73A6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11713C7D-CDD5-4ED6-A865-89685117D6DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {15CFED45-5261-4590-A96F-47EBB8A1961D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C2A7A0-4892-4BD0-AD93-4A752D1796A5} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-05-02] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41B089C1-D45B-41BD-A1C7-B07E874EF3EE} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-05-02] ()
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4ADE1941-F662-4498-8972-B198A70241BF} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-05-02] ()
Task: {578DA71D-4792-49E5-A998-82BD10017897} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {6A22210D-76C7-4A29-AFE1-B08943249160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EEFEB6A-289F-4D4E-9025-A535969B0364} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C93EE21-3136-4695-881A-2F45783050C1} - System32\Tasks\SoftUpdateLogon => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {927CF79C-0219-4928-9A28-263935B64716} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1361BB9-0188-439D-9100-D20F39CDF21E} - System32\Tasks\SoftUpdateDaily => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {A56F93A8-C213-4A7D-90F0-3EE0E5551C59} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {AA05510B-0EE5-4260-9FB0-84CE84E4290A} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-05-02] ()
Task: {B379786F-D38D-47CD-AB65-82CA8CF66164} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B8A14DF3-0A9A-437A-B5D8-9D3CF10694E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {C4583446-F249-471E-B139-442A743C0538} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D97C9F57-3822-4C1D-9B29-ACDB7995D42B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 21:52 - 2014-04-25 21:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll
2013-07-23 14:55 - 2012-10-23 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-08 10:00 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\contesssa\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\contesssa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "fst_de_99"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x7ac
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x1698
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00040833
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x17d8
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0004082f
ID des fehlerhaften Prozesses: 0x31c
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000420d5
ID des fehlerhaften Prozesses: 0x1060
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002f8c7
ID des fehlerhaften Prozesses: 0x1314
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/07/2014 01:40:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002f8c7
ID des fehlerhaften Prozesses: 0x1218
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/07/2014 00:12:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002f8c7
ID des fehlerhaften Prozesses: 0x8f4
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5


System errors:
=============
Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734

Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734

Error: (08/04/2014 10:48:47 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:48:11 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:47:58 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:47:21 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb7ac01cfb2e08e8e82efC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.execc5548e0-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb169801cfb2e076bccfddC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeb48395f0-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb105c01cfb2e06a3eb7e1C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exea81fb835-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd00040833a4001cfb2def9b5901dC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll430badd9-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb17d801cfb2df56b93864C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exe94fbfab5-1ed2-11e4-beab-50af735ae431

Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd0004082f31c01cfb285dd2e28ccC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll6b033e8d-1e79-11e4-beab-50af735ae431

Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd000420d5106001cfb235b75a7506C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll5f2b7dbb-1e29-11e4-beab-50af735ae431

Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c7131401cfb234a79c3ec2C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exe3f922920-1e28-11e4-beaa-50af735ae431

Error: (08/07/2014 01:40:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c7121801cfb23450ec8d9fC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exeae8b5c3c-1e27-11e4-beaa-50af735ae431

Error: (08/07/2014 00:12:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c78f401cfb226f445cc81C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exe5008fe28-1e1b-11e4-beaa-50af735ae431


CodeIntegrity Errors:
===================================
  Date: 2014-07-20 13:18:25.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.

  Date: 2014-07-20 13:18:12.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.

  Date: 2014-02-25 21:57:06.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-02-25 21:57:06.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2013-11-03 01:10:55.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-03 00:59:03.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 09:18:13.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 08:44:57.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 08:38:59.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-02 01:14:32.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 3975.27 MB
Available physical RAM: 2936.98 MB
Total Pagefile: 8071.27 MB
Available Pagefile: 6847.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.23 GB) (Free:368.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3FD8BFE0)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by contesssa (administrator) on CONNY on 08-08-2014 10:28:53
Running from C:\Users\contesssa\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50714;https=127.0.0.1:50714
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {B8685F37-302D-4748-8F8A-0CC05A05EA7B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL: 
CHR Extension: (Avira Sparberater) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-02]
CHR Extension: (Avira Browser Safety) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08]
CHR Extension: (Google Wallet) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-02] (LENOVO INCORPORATED.)
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [491520 2014-03-14] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-24] (Intel(R) Corporation) [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-09] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 10:00 - 2014-08-08 10:00 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 10:00 - 2014-08-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 12:04 - 2014-08-08 10:09 - 00000000 ____D () C:\AdwCleaner
2014-08-07 12:04 - 2014-08-07 12:04 - 01475072 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.303.exe
2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:24 - 2014-08-06 08:36 - 00024491 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-04 15:23 - 2014-08-08 10:29 - 00015061 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-04 15:19 - 2014-08-08 10:28 - 00000000 ____D () C:\FRST
2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-04 14:56 - 2014-08-04 15:20 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe
2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe
2014-08-04 10:23 - 2014-08-08 10:18 - 00274243 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 11:12 - 2014-04-05 08:21 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-21 10:29 - 2014-07-21 10:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-15 00:37 - 2014-07-19 13:00 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-14 21:08 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 09:31 - 2014-07-10 09:35 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo
2014-07-10 09:07 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 09:07 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 09:07 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 09:07 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 09:07 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 09:07 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 09:07 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 09:07 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 09:07 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 09:07 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 09:07 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 09:07 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 09:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 09:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 09:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 09:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 09:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 09:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 09:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 09:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 09:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 09:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 09:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 09:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 09:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 09:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 09:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 09:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 09:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 09:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 09:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 09:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 09:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 09:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 09:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 09:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 09:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 09:06 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 09:06 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 09:06 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 09:06 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 09:06 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 09:06 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 09:06 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 09:06 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 09:06 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 09:06 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 09:06 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 09:06 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 09:06 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 09:06 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 09:06 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 09:06 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 09:06 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 10:29 - 2014-08-04 15:23 - 00015061 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-08 10:28 - 2014-08-04 15:19 - 00000000 ____D () C:\FRST
2014-08-08 10:18 - 2014-08-04 10:23 - 00274243 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-08 10:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-08 10:09 - 2014-08-07 12:04 - 00000000 ____D () C:\AdwCleaner
2014-08-08 10:03 - 2013-10-18 00:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1714798670-2283502341-2433251003-1001
2014-08-08 10:00 - 2014-08-08 10:00 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 10:00 - 2014-08-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\ProgramData\Avira
2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-08 09:58 - 2014-02-26 14:46 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 09:58 - 2014-01-10 00:24 - 00000000 __RDO () C:\Users\contesssa\SkyDrive
2014-08-08 00:47 - 2014-02-26 14:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-08 00:30 - 2014-02-26 14:46 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 13:48 - 2014-03-13 21:38 - 00000182 _____ () C:\Users\contesssa\AppData\Local\RegisteredPackageInformation.xml
2014-08-07 13:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-07 13:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-07 12:04 - 2014-08-07 12:04 - 01475072 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.303.exe
2014-08-07 12:01 - 2014-01-29 17:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85B33DF1-38E0-4A33-B992-7D2DC8C2FBAA}
2014-08-06 08:36 - 2014-08-04 15:24 - 00024491 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:20 - 2014-08-04 14:56 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe
2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:40 - 2013-10-23 18:45 - 00000000 ____D () C:\Conny
2014-08-04 09:11 - 2013-10-26 15:04 - 00000000 ____D () C:\ProgramData\tmp
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-08-04 08:51 - 2014-01-09 23:17 - 00000000 ____D () C:\Users\contesssa
2014-08-03 11:50 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-03 11:50 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-03 11:50 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-23 21:30 - 2013-10-27 22:03 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Skype
2014-07-22 11:52 - 2013-10-17 16:57 - 00000000 ___RD () C:\Users\contesssa\Desktop\Anwendungen
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-22 11:43 - 2013-10-27 21:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-22 11:27 - 2013-10-27 16:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-22 01:30 - 2013-10-27 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:41 - 2014-07-21 10:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-20 13:27 - 2014-04-14 14:56 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-07-19 13:00 - 2014-07-15 00:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 11:58 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-15 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 14:34 - 2014-03-17 13:28 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 00:37 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 00:30 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 21:19 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 21:17 - 2013-10-25 14:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-14 21:15 - 2013-10-25 14:05 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-14 21:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 10:02 - 2013-10-26 15:33 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nitro PDF
2014-07-10 09:35 - 2014-07-10 09:31 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo
2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 19:47 - 2014-02-26 14:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\contesssa\AppData\Local\Temp\avgnt.exe
C:\Users\contesssa\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\contesssa\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 01:13

==================== End Of Log ============================
         
[/CODE]

08.08.2014, 10:30   #10
M-K-D-B
/// TB Trainer

TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved]



Hi,


Regarding step 1:
Start your computer according to these instructions and run the tool in Safe Mode.


Regarding step 2:
You did not download MBAM from the original site, i.e. from where I told you to...


Try again.
__________________
offline: 12.08. to 02.09.


08.08.2014, 12:58   #11
Conny 12

TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved]



[CODE]
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by contesssa at 2014-08-08 13:39:21
Running from C:\Users\contesssa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar Engine (HKCU\...\{f6f7e3e1-d1e6-4adc-b2c8-4f9946a84573}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-08-2014 13:29:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {028F7BA2-6F53-4A86-973A-B72EBE6D73A6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11713C7D-CDD5-4ED6-A865-89685117D6DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {15CFED45-5261-4590-A96F-47EBB8A1961D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C2A7A0-4892-4BD0-AD93-4A752D1796A5} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-05-02] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41B089C1-D45B-41BD-A1C7-B07E874EF3EE} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-05-02] ()
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4ADE1941-F662-4498-8972-B198A70241BF} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-05-02] ()
Task: {578DA71D-4792-49E5-A998-82BD10017897} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {6A22210D-76C7-4A29-AFE1-B08943249160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EEFEB6A-289F-4D4E-9025-A535969B0364} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C93EE21-3136-4695-881A-2F45783050C1} - System32\Tasks\SoftUpdateLogon => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {927CF79C-0219-4928-9A28-263935B64716} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1361BB9-0188-439D-9100-D20F39CDF21E} - System32\Tasks\SoftUpdateDaily => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {A56F93A8-C213-4A7D-90F0-3EE0E5551C59} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {AA05510B-0EE5-4260-9FB0-84CE84E4290A} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-05-02] ()
Task: {B379786F-D38D-47CD-AB65-82CA8CF66164} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B8A14DF3-0A9A-437A-B5D8-9D3CF10694E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {C4583446-F249-471E-B139-442A743C0538} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D97C9F57-3822-4C1D-9B29-ACDB7995D42B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-08 10:00 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\contesssa\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-04-25 21:52 - 2014-04-25 21:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll
2013-07-23 14:55 - 2012-10-23 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\contesssa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "fst_de_99"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MachineInformation.exe, Version: 1.5.33.0, Zeitstempel: 0x51826efc
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0xa08
Startzeit der fehlerhaften Anwendung: 0xMachineInformation.exe0
Pfad der fehlerhaften Anwendung: MachineInformation.exe1
Pfad des fehlerhaften Moduls: MachineInformation.exe2
Berichtskennung: MachineInformation.exe3
Vollständiger Name des fehlerhaften Pakets: MachineInformation.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MachineInformation.exe5

Error: (08/08/2014 01:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MachineInformation.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei System.IO.__Error.WinIOError(Int32, System.String)
bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
bei System.Xml.XmlDocument.Save(System.String)
bei MachineInformation.Program.Main(System.String[])

Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x7ac
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x1698
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00040833
ID des fehlerhaften Prozesses: 0xa40
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000763cb
ID des fehlerhaften Prozesses: 0x17d8
Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0
Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1
Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2
Berichtskennung: jre-8u11-windows-au.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5

Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0004082f
ID des fehlerhaften Prozesses: 0x31c
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000420d5
ID des fehlerhaften Prozesses: 0x1060
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5

Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002f8c7
ID des fehlerhaften Prozesses: 0x1314
Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0
Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1
Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2
Berichtskennung: adwcleaner_3.303.exe3
Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5


System errors:
=============
Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734

Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734

Error: (08/04/2014 10:48:47 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:48:11 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:47:58 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:47:21 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (08/08/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MachineInformation.exe1.5.33.051826efcKERNELBASE.dll6.3.9600.17055532943a3e043435200011d4da0801cfb2f9e3c75422C:\Program Files\lenovo\SystemAgent\MachineInformation.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll3988c9de-1eed-11e4-beac-50af735ae431

Error: (08/08/2014 01:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MachineInformation.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei System.IO.__Error.WinIOError(Int32, System.String)
bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
bei System.Xml.XmlDocument.Save(System.String)
bei MachineInformation.Program.Main(System.String[])

Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb7ac01cfb2e08e8e82efC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.execc5548e0-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb169801cfb2e076bccfddC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeb48395f0-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb105c01cfb2e06a3eb7e1C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exea81fb835-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd00040833a4001cfb2def9b5901dC:\Users\contesssa\Downloads\adwcleaner_3.303.exe C:\WINDOWS\SYSTEM32\ntdll.dll430badd9-1ed3-11e4-beab-50af735ae431

Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb17d801cfb2df56b93864C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exe94fbfab5-1ed2-11e4-beab-50af735ae431

Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd0004082f31c01cfb285dd2e28ccC:\Users\contesssa\Downloads\adwcleaner_3.303.exe C:\WINDOWS\SYSTEM32\ntdll.dll6b033e8d-1e79-11e4-beab-50af735ae431

Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd000420d5106001cfb235b75a7506C:\Users\contesssa\Downloads\adwcleaner_3.303.ex eC:\WINDOWS\SYSTEM32\ntdll.dll5f2b7dbb-1e29-11e4-beab-50af735ae431

Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c7131401cfb234a79c3ec2C:\Users\contesssa\Downloads\adwcleaner_3.30 3.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exe3f922920-1e28-11e4-beaa-50af735ae431


CodeIntegrity Errors:
===================================
Date: 2014-07-20 13:18:25.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.

Date: 2014-07-20 13:18:12.580
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.

Date: 2014-02-25 21:57:06.854
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

Date: 2014-02-25 21:57:06.682
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

Date: 2013-11-03 01:10:55.629
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-03 00:59:03.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-02 09:18:13.111
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-02 08:44:57.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-02 08:38:59.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-02 01:14:32.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3975.27 MB
Available physical RAM: 2451.97 MB
Total Pagefile: 8071.27 MB
Available Pagefile: 6277.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.23 GB) (Free:368.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3FD8BFE0)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by contesssa (administrator) on CONNY on 08-08-2014 13:38:26
Running from C:\Users\contesssa\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:50714;https=127.0.0.1:50714
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B8685F37-302D-4748-8F8A-0CC05A05EA7B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL: 
CHR Extension: (Avira Sparberater) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-02] (LENOVO INCORPORATED.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-24] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-09] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 13:32 - 2014-08-08 13:32 - 00001155 _____ () C:\anti malware.txt
2014-08-08 13:13 - 2014-08-08 13:13 - 00000522 _____ () C:\WINDOWS\PFRO.log
2014-08-08 12:47 - 2014-08-08 13:14 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 12:47 - 2014-08-08 12:47 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-08 12:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-08 12:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-08 12:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-08 12:46 - 2014-08-08 12:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\contesssa\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-08 10:00 - 2014-08-08 10:00 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 10:00 - 2014-08-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 12:04 - 2014-08-08 10:09 - 00000000 ____D () C:\AdwCleaner
2014-08-07 12:04 - 2014-08-07 12:04 - 01475072 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.303.exe
2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:24 - 2014-08-08 10:30 - 00031406 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-04 15:23 - 2014-08-08 13:38 - 00017407 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-04 15:19 - 2014-08-08 13:38 - 00000000 ____D () C:\FRST
2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-04 14:56 - 2014-08-04 15:20 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 10:23 - 2014-08-08 13:35 - 00326676 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 11:12 - 2014-04-05 08:21 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-21 10:29 - 2014-07-21 10:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-15 00:37 - 2014-07-19 13:00 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-14 21:08 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 09:31 - 2014-07-10 09:35 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo
2014-07-10 09:07 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 09:07 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 09:07 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 09:07 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 09:07 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 09:07 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 09:07 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 09:07 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 09:07 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 09:07 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 09:07 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 09:07 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 09:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 09:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 09:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 09:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 09:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 09:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 09:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 09:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 09:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 09:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 09:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 09:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 09:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 09:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 09:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 09:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 09:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 09:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 09:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 09:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 09:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 09:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 09:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 09:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 09:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 09:06 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 09:06 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 09:06 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 09:06 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 09:06 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 09:06 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 09:06 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 09:06 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 09:06 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 09:06 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 09:06 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 09:06 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 09:06 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 09:06 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 09:06 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 09:06 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 09:06 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 13:38 - 2014-08-04 15:23 - 00017407 _____ () C:\Users\contesssa\Downloads\FRST.txt
2014-08-08 13:38 - 2014-08-04 15:19 - 00000000 ____D () C:\FRST
2014-08-08 13:38 - 2014-01-29 17:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85B33DF1-38E0-4A33-B992-7D2DC8C2FBAA}
2014-08-08 13:35 - 2014-08-04 10:23 - 00326676 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-08 13:32 - 2014-08-08 13:32 - 00001155 _____ () C:\anti malware.txt
2014-08-08 13:30 - 2014-02-26 14:46 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 13:20 - 2013-10-18 00:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1714798670-2283502341-2433251003-1001
2014-08-08 13:15 - 2014-01-10 00:24 - 00000000 __RDO () C:\Users\contesssa\SkyDrive
2014-08-08 13:14 - 2014-08-08 12:47 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 13:14 - 2014-03-13 21:38 - 00000182 _____ () C:\Users\contesssa\AppData\Local\RegisteredPackageInformation.xml
2014-08-08 13:14 - 2014-02-26 14:46 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 13:13 - 2014-08-08 13:13 - 00000522 _____ () C:\WINDOWS\PFRO.log
2014-08-08 13:13 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-08 13:13 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-08 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-08 12:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-08 12:47 - 2014-08-08 12:47 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 12:47 - 2014-08-08 12:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-08 12:47 - 2014-02-26 14:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-08 12:46 - 2014-08-08 12:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\contesssa\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-08 10:30 - 2014-08-04 15:24 - 00031406 _____ () C:\Users\contesssa\Downloads\Addition.txt
2014-08-08 10:09 - 2014-08-07 12:04 - 00000000 ____D () C:\AdwCleaner
2014-08-08 10:00 - 2014-08-08 10:00 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 10:00 - 2014-08-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\ProgramData\Avira
2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-07 12:04 - 2014-08-07 12:04 - 01475072 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.303.exe
2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-08-04 15:20 - 2014-08-04 14:56 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing
2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe
2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-04 09:40 - 2013-10-23 18:45 - 00000000 ____D () C:\Conny
2014-08-04 09:11 - 2013-10-26 15:04 - 00000000 ____D () C:\ProgramData\tmp
2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe
2014-08-04 08:51 - 2014-01-09 23:17 - 00000000 ____D () C:\Users\contesssa
2014-08-03 11:50 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-03 11:50 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-03 11:50 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-23 21:30 - 2013-10-27 22:03 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Skype
2014-07-22 11:52 - 2013-10-17 16:57 - 00000000 ___RD () C:\Users\contesssa\Desktop\Anwendungen
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-22 11:43 - 2013-10-27 21:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-22 11:27 - 2013-10-27 16:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-22 01:30 - 2013-10-27 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe
2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-07-21 10:41 - 2014-07-21 10:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-07-20 13:27 - 2014-04-14 14:56 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-07-19 13:00 - 2014-07-15 00:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 11:58 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-15 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 14:34 - 2014-03-17 13:28 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 00:37 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 00:30 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 21:19 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 21:17 - 2013-10-25 14:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-14 21:15 - 2013-10-25 14:05 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-14 21:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 10:02 - 2013-10-26 15:33 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nitro PDF
2014-07-10 09:35 - 2014-07-10 09:31 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo
2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 19:47 - 2014-02-26 14:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\contesssa\AppData\Local\Temp\avgnt.exe
C:\Users\contesssa\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\contesssa\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 01:13

==================== End Of Log ============================
         
--- --- ---


I managed to download Anti-Malware. There were 8 unwanted nasties on it.
Off to quarantine they went, and I restarted the laptop and ran the scan again, and everything was clean. Then I tried to export the text, in vain: it didn't work. Adobe
started up and would not let me send it out. Many sunny regards

Alt 08.08.2014, 16:30   #12
M-K-D-B
/// TB-Ausbilder
 
TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved]



Hi,

Could I still get the AdwCleaner log file?

Why did you post a FRST log file again?
__________________
offline: 12.08. to 02.09.


Alt 11.08.2014, 11:14   #13
M-K-D-B
/// TB-Ausbilder
 



No response
This thread has been removed from my subscriptions, so I will not be notified of new replies.
Send me a PM if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!

Alt 11.08.2014, 19:04   #14
Conny 12
 



---------------------------
- AdwCleaner - Informationen -
---------------------------
Wenn Ihnen gesagt wurde AdwCleaner zu benutzen, so liegt es wahrscheinlich daran, dass Ihr PC unerwünschte Programme oder Adware beinhaltet.



Potentiell unerwünschte Programme werden oft während der Installation von Software angeboten. Dies kann mit Hilfe von Toolbars geschehen, die manchmal die Startseite ihres Browsers verändern und das Surfen im Internet verlangsamen.



Um die Installation von derartigen Programmen zu vermeiden, ist es notwendig, dass Sie die folgenden Tipps befolgen:



- Laden Sie ein Programm stets von der offiziellen Seite oder einer vertrauenswürdigen Seite herunter.

- Wenn Sie ein Programm installieren, klicken Sie nicht zu schnell auf [Weiter] ohne die Nutzungsbedingungen oder die Programme von Dritt-Anbietern zu beachten.

- Sollten Programme von Dritt-Anbietern zur Verfügung stehen (Toolbars, etc. ), entfernen Sie alle Haken davor.

- Aktivieren Sie die Erkennung von PUPs in Ihrer Antivirus-Software.



Sie können auch Hosts Anti-PUP/Adware von AdwCleaner aus installieren, indem Sie auf "Tools" und dann auf "Hosts Anti-PUP/Adware" klicken.
---------------------------
OK
---------------------------

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 08.08.2014
Suchlauf-Zeit: 14:39:21
Logdatei: anti malware.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.08.02
Rootkit Datenbank: v2014.08.04.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: contesssa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316996
Verstrichene Zeit: 12 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Hello, I couldn't manage with the reports. Best regards, Conny

Alt 12.08.2014, 09:43   #15
M-K-D-B
/// TB-Ausbilder
 



Hi,

the first one is not the AdwCleaner log file.

You can also find the log file at C:\AdwCleaner\AdwCleaner[Sx].txt (x = sequential number).

Please post it as a follow-up.
