
Log analysis and evaluation: Windows 7 suddenly slow, hard disk reformatted, many Malwarebytes detections

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.08.2014, 19:13   #1
Deadwing
 
Windows 7 suddenly slow, hard disk reformatted, many Malwarebytes detections

Hello everyone,
I have the following problem: the evening before last I switched on my PC and it took forever to boot. When it had finally booted, a partition on one of my data drives was suddenly unformatted (RAW). It could not be opened by clicking on it, nor could it be reformatted. After the virus scanner (Avira), which found nothing, I ran Malwarebytes, which had about 90 detections. I moved all of them to quarantine.
Today the drive could be formatted, and that also got rid of the slowness (I did not understand why), but the uneasy feeling about the malware remains.
Then I came across this forum and dutifully did everything the to-do list says to do. Maybe someone here knows something about this.
I am pasting the log files below:

GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-07 19:54:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 SAMSUNG_SSD_830_Series rev.CXM03B1Q 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Max\AppData\Local\Temp\ufldypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                           fffff80002ff9000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594                                                                                                                                                                           fffff80002ff9042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                             0000000077da1465 2 bytes [DA, 77]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                            0000000077da14bb 2 bytes [DA, 77]
.text     ...                                                                                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      0000000077da1465 2 bytes [DA, 77]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                     0000000077da14bb 2 bytes [DA, 77]
.text     ...                                                                                                                                                                                                                                          * 2
?         C:\Windows\system32\mssprxy.dll [2408] entry point in ".rdata" section                                                                                                                                                                       00000000718371e6
.text     C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                           0000000077da1465 2 bytes [DA, 77]
.text     C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                          0000000077da14bb 2 bytes [DA, 77]
.text     ...                                                                                                                                                                                                                                          * 2
.text     C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[2912] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                                           0000000077da1465 2 bytes [DA, 77]
.text     C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[2912] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                                          0000000077da14bb 2 bytes [DA, 77]
.text     ...                                                                                                                                                                                                                                          * 2
.text     C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                           0000000077da1465 2 bytes [DA, 77]
.text     C:\Users\Max\AppData\Local\Akamai\netsession_win.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                          0000000077da14bb 2 bytes [DA, 77]
.text     ...                                                                                                                                                                                                                                          * 2
.text     C:\Users\Max\Downloads\Defogger.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                            0000000077da1465 2 bytes [DA, 77]
.text     C:\Users\Max\Downloads\Defogger.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                           0000000077da14bb 2 bytes [DA, 77]
.text     ...                                                                                                                                                                                                                                          * 2
---- Processes - GMER 2.1 ----

Library   C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2476] (Copy Shell Extensions/Barracuda Networks, Inc.)(2014-03-12 06:46:22)                                                          000007fef6400000
Library   C:\Users\Max\AppData\Roaming\Copy\overlay\Brt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2476](2014-03-12 06:46:22)                                                                                                                 000007fef4780000
Library   C:\Users\Max\AppData\Roaming\Copy\Gui.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-04 14:27:02)                                                                                                 000007fef1180000
Library   C:\Users\Max\AppData\Roaming\Copy\Brt.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-04 14:43:24)                                                                                                 000007feef500000
Library   C:\Users\Max\AppData\Roaming\Copy\QtCore4.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 22:47:16)              000000006fe40000
Library   C:\Users\Max\AppData\Roaming\Copy\QtGui4.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 22:47:16)               000000006f4b0000
Library   C:\Users\Max\AppData\Roaming\Copy\AgentSync.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-0                                                                                                      000007feeea50000
Library   C:\Users\Max\AppData\Roaming\Copy\CloudSync.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880](2014-02-0                                                                                                      000007feee4e0000
Library   C:\Users\Max\AppData\Roaming\Copy\imageformats\qjpeg4.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [2880] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 22:47:50)  000007feed170000
Library   C:\Users\Max\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912](2014-07-21 20:53:38)                                                                            00000000040a0000
Library   c:\users\max\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdpjlr.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912](2014-08-07 17:09:36)                              00000000044e0000
Library   C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912](2013-10-18 23:55:02)                                                                                  000000006b270000
Library   C:\Users\Max\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2912] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                                                    000000006d960000

---- EOF - GMER 2.1 ----
         
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Max (administrator) on MAX-PC on 07-08-2014 19:42:54
Running from C:\Users\Max\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Barracuda Networks, Inc.) C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe
(Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Max\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91CEEDA11709CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\user.js
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\ich@maltegoetz.de [2014-07-09]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\sparpilot@sparpilot.com [2014-08-07]
FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: ImageHost Grabber - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013-02-12]
FF Extension: WEB.DE MailCheck - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\toolbar@web.de.xpi [2014-08-07]
FF Extension: Google Translator for Firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\translator@zoli.bod.xpi [2013-02-12]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-12]
FF Extension: Tab Mix Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-12]
FF Extension: DownThemAll! - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-07-30]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Max\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation)
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 19:42 - 2014-08-07 19:43 - 00018979 _____ () C:\Users\Max\Downloads\FRST.txt
2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-08-07 19:42 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST
2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log
2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv
2014-08-07 18:40 - 2014-08-07 18:42 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv
2014-08-07 18:39 - 2014-08-07 18:39 - 00001038 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-08-07 18:38 - 2014-08-07 18:38 - 01101648 _____ () C:\Users\Max\Downloads\MozBackup - CHIP-Installer.exe
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239
2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_
2014-08-07 18:30 - 2014-08-07 18:30 - 00000110 ___RH () C:\Users\Max\Downloads\Stinger.opt
2014-08-07 18:20 - 2014-08-07 18:30 - 00000000 ____D () C:\Program Files\stinger
2014-08-07 18:20 - 2014-08-07 18:24 - 00000858 _____ () C:\Users\Max\Downloads\Stinger_07082014_182019.html
2014-08-07 18:19 - 2014-08-07 18:19 - 12353896 _____ (McAfee Inc) C:\Users\Max\Downloads\stinger64_CB-DL-Manager [1].exe
2014-08-07 18:19 - 2014-08-07 18:19 - 00787392 _____ ( ) C:\Users\Max\Downloads\stinger64_CB-DL-Manager.exe
2014-08-07 07:23 - 2014-08-07 19:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 07:23 - 2014-08-07 07:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 07:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8
2014-08-06 23:37 - 2014-08-07 18:31 - 00000183 _____ () C:\Users\Max\Desktop\Amazon.de.url
2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a
2014-08-06 23:36 - 2014-08-06 23:36 - 01035152 _____ () C:\Users\Max\Downloads\HDD-Low-Level-Format-Tool-lnstall.exe
2014-08-06 23:09 - 2014-08-06 23:09 - 00000000 ____D () C:\Users\Max\Downloads\testdisk-7.0-WIP
2014-08-06 23:08 - 2014-08-06 23:09 - 09868751 _____ () C:\Users\Max\Downloads\testdisk-7.0-WIP.win64.zip
2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000809 _____ () C:\Users\Max\Desktop\In Depth Latency Tests.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon
2014-08-03 09:46 - 2013-10-21 12:26 - 00025504 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2014-08-01 07:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 07:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 07:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 07:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 07:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 07:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg
2014-07-30 07:54 - 2014-08-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-25 19:16 - 2014-07-25 19:16 - 00000000 ____D () C:\Users\Max\Downloads\Euthymia_Electronic_Organ
2014-07-25 19:08 - 2014-07-27 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-23 21:52 - 2014-07-23 22:25 - 00000000 ____D () C:\Users\Max\Downloads\Cubase Elements 7
2014-07-09 07:25 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:25 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:25 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:25 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:25 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 07:25 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:25 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:25 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 07:25 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 07:25 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 07:25 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:25 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 07:25 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:25 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:25 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 07:25 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 07:25 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:25 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:25 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:25 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 07:25 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 07:25 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 07:25 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:25 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:25 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:25 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:25 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 07:25 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 07:25 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 07:25 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 07:25 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:25 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:25 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 07:25 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 07:25 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:25 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 07:25 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 07:25 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 07:25 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 07:25 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:25 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 07:25 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 07:25 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:25 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:25 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:25 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:25 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:25 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:25 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 07:25 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:25 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:25 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:25 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:25 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:25 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:25 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:25 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:25 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:25 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:25 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:25 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:25 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:25 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 07:25 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 07:25 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 19:43 - 2014-08-07 19:42 - 00018979 _____ () C:\Users\Max\Downloads\FRST.txt
2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-08-07 19:42 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST
2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log
2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable
2014-08-07 19:39 - 2013-02-12 13:34 - 00000000 ____D () C:\Users\Max
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2014-08-07 19:31 - 2014-05-26 07:29 - 00005118 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC
2014-08-07 19:19 - 2014-08-07 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 19:18 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-07 19:18 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 19:18 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 19:16 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-08-07 19:16 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-08-07 19:16 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 19:14 - 2013-02-12 13:30 - 01978306 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 19:10 - 2014-03-12 08:46 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Copy
2014-08-07 19:10 - 2013-02-12 14:39 - 00000000 ___RD () C:\Users\Max\Dropbox
2014-08-07 19:10 - 2013-02-12 14:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Dropbox
2014-08-07 19:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 19:09 - 2009-07-14 06:51 - 00131116 _____ () C:\Windows\setupact.log
2014-08-07 18:53 - 2013-02-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 18:49 - 2013-02-12 15:07 - 00000000 ____D () C:\Users\Max\Downloads\JDownloader
2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv
2014-08-07 18:42 - 2014-08-07 18:40 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv
2014-08-07 18:39 - 2014-08-07 18:39 - 00001038 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-08-07 18:38 - 2014-08-07 18:38 - 01101648 _____ () C:\Users\Max\Downloads\MozBackup - CHIP-Installer.exe
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239
2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_
2014-08-07 18:31 - 2014-08-06 23:37 - 00000183 _____ () C:\Users\Max\Desktop\Amazon.de.url
2014-08-07 18:30 - 2014-08-07 18:30 - 00000110 ___RH () C:\Users\Max\Downloads\Stinger.opt
2014-08-07 18:30 - 2014-08-07 18:20 - 00000000 ____D () C:\Program Files\stinger
2014-08-07 18:24 - 2014-08-07 18:20 - 00000858 _____ () C:\Users\Max\Downloads\Stinger_07082014_182019.html
2014-08-07 18:19 - 2014-08-07 18:19 - 12353896 _____ (McAfee Inc) C:\Users\Max\Downloads\stinger64_CB-DL-Manager [1].exe
2014-08-07 18:19 - 2014-08-07 18:19 - 00787392 _____ ( ) C:\Users\Max\Downloads\stinger64_CB-DL-Manager.exe
2014-08-07 18:13 - 2013-02-12 14:57 - 00093034 _____ () C:\Windows\PFRO.log
2014-08-07 07:23 - 2014-08-07 07:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Malwarebytes
2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 23:45 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8
2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a
2014-08-06 23:36 - 2014-08-06 23:36 - 01035152 _____ () C:\Users\Max\Downloads\HDD-Low-Level-Format-Tool-lnstall.exe
2014-08-06 23:26 - 2013-12-20 15:05 - 13144064 _____ () C:\Users\Max\AppData\Roaming\Sandra.mdb
2014-08-06 23:09 - 2014-08-06 23:09 - 00000000 ____D () C:\Users\Max\Downloads\testdisk-7.0-WIP
2014-08-06 23:09 - 2014-08-06 23:08 - 09868751 _____ () C:\Users\Max\Downloads\testdisk-7.0-WIP.win64.zip
2014-08-06 22:45 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Max\OneDrive
2014-08-06 22:45 - 2014-03-06 00:17 - 00002198 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-06 07:51 - 2013-02-13 11:30 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc
2014-08-06 07:34 - 2013-02-12 15:06 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-05 07:29 - 2013-02-14 16:46 - 00000000 ____D () C:\Users\Max\Downloads\Musik
2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000809 _____ () C:\Users\Max\Desktop\In Depth Latency Tests.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon
2014-08-01 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-30 22:23 - 2013-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-27 20:20 - 2014-07-25 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 20:20 - 2014-05-01 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2014-07-27 19:38 - 2013-03-04 13:17 - 00000000 ____D () C:\Users\Max\Downloads\ihg
2014-07-25 19:16 - 2014-07-25 19:16 - 00000000 ____D () C:\Users\Max\Downloads\Euthymia_Electronic_Organ
2014-07-24 16:18 - 2013-05-08 07:13 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 23:38 - 2013-04-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 22:25 - 2014-07-23 21:52 - 00000000 ____D () C:\Users\Max\Downloads\Cubase Elements 7
2014-07-23 21:13 - 2013-02-12 14:39 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 07:21 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Max\AppData\Local\Adobe
2014-07-09 17:45 - 2009-07-14 06:45 - 03056904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 17:44 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 08:17 - 2013-08-14 08:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 08:16 - 2013-02-13 17:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 22:53 - 2013-02-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 22:53 - 2013-02-13 11:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 22:53 - 2013-02-13 11:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\Max\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Max\AppData\Local\Temp\AskSLib.dll
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\drm_dyndata_7390005.dll
C:\Users\Max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdpjlr.dll
C:\Users\Max\AppData\Local\Temp\FoxySecurity_6.2_GIGA_FF_IE_Setup.exe
C:\Users\Max\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Max\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Max\AppData\Local\Temp\HDDLLFsetup.4.12.exe
C:\Users\Max\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Max\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Max\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Max\AppData\Local\Temp\sdapskill.exe
C:\Users\Max\AppData\Local\Temp\sdaspwn.exe
C:\Users\Max\AppData\Local\Temp\uninst1.exe
C:\Users\Max\AppData\Local\Temp\uninstall.exe
C:\Users\Max\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 21:15

==================== End Of Log ============================

Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Max at 2014-08-07 19:43:13
Running from C:\Users\Max\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CS4 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Template Projects & Footage (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Production Premium (HKLM-x32\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Production Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 French Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 German Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 International English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Italian Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Japanese Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Korean Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Spanish Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Library (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-other (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALDI Bestellsoftware 4.13 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.13 - ORWO Net)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2210 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{42036760-2DA4-43C4-A48A-9F90A0F1FA0E}) (Version: 1.0.0060 - Brother Industries, Ltd.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (HKLM\...\{664279F5-676C-47F5-BCAE-736A4689980D}) (Version: 1.42.277.0 - Barracuda Networks, Inc.)
DigiTech RP350 ASIO (remove only) (HKLM-x32\...\DigiTech RP350 driver) (Version:  - )
DigiTech X-Edit 2.3.1 (HKLM-x32\...\{2FEAEADA-1FBF-434D-8EE0-D136F5D21E75}) (Version: 2.3.1.2 - DigiTech)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DVDFab 8.2.2.7 (06/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2138 - Steinberg Media Technologies GmbH)
EZdrummer Lite Edition 64 bit (HKLM\...\{3EE0A883-703C-44E1-B1E2-899E541B35F6}) (Version: 1.3.1 - Toontrack)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FreeFileSync 5.12 (HKLM-x32\...\FreeFileSync) (Version: 5.12 - Zenju)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
MAGIX Analogue Modelling Suite Plus (HKLM\...\MX.{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Analogue Modelling Suite Plus (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Burn routines (64-Bit) (HKLM\...\{49146694-5F5F-4B1F-AD15-6587F47A0FD7}) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Burn routines (HKLM\...\{A64B679B-E591-4C74-B74A-147E0CCEDCE4}) (Version: 11.0.0.238 - MAGIX Software GmbH)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX essentialFX Suite (HKLM\...\MX.{CB7B17F4-3833-4699-890B-52C5D0AB926D}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX essentialFX Suite (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Independence Libraries Common Files (HKLM\...\MX.{34563DEE-79CD-4E2B-B41B-41A81B8188F0}) (Version: 3.2.0.0 - MAGIX AG)
MAGIX Independence Libraries Common Files (Version: 3.2.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.2 VST-Plugins (HKLM\...\MX.{CE4E2B9B-9D8C-4857-8BD5-230CE6E24A3B}) (Version: 3.2.0.0 - MAGIX AG)
MAGIX Independence Pro 3.2 VST-Plugins (Version: 3.2.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.2 (HKLM-x32\...\MX.{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.2.0.91 - MAGIX AG)
MAGIX Independence Pro Software Suite 3.2 (Version: 3.2.0.91 - MAGIX AG) Hidden
MAGIX Low Latency Driver (64-Bit) (HKLM\...\{42976FDB-5756-4077-A491-095F228E99E2}) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{7A5D8D42-3688-47B3-B5BA-923B1DDFAA2B}) (Version: 20.0.0.28 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Version: 20.0.0.28 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Update (Version: 20.0.3.45 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Update (Version: 20.0.4.49 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Update (Version: 20.0.5.56 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Studio 2 (HKLM-x32\...\MX.{B0A66D5D-A76E-4E9C-82F0-97211F0D0A66}) (Version: 20.0.0.10 - MAGIX AG)
MAGIX Music Studio 2 (Version: 20.0.0.10 - MAGIX AG) Hidden
Magix Music Studio 2 Update (Version: 20.0.2.16 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{CE49B99B-D42B-4F25-801A-5AA719CDA823}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Vandal VST-PlugIn (HKLM\...\MX.{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Vandal VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX VariVerb II VST-PlugIn (HKLM\...\MX.{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX VariVerb II VST-PlugIn (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Vintage Effects Suite (HKLM\...\MX.{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Vintage Effects Suite (Version: 1.0.0.0 - MAGIX AG) Hidden
MailStore Home 7.1.0.7815 (HKLM-x32\...\MailStore Home_universal1) (Version: 7.1.0.7815 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Outlook 2013 - de-de (HKLM\...\OutlookRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MusicBee 2.0 (HKLM-x32\...\MusicBee) (Version: 2.0 - Steven Mayall)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NVIDIA PhysX (HKLM-x32\...\{506DDFBE-983F-4BC3-84B8-65F423B2D798}) (Version: 9.09.0209 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Outlook Backup Assistant 7 (Testversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7.0 - Priotecs IT GmbH)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
RippMe (HKLM-x32\...\{D5E3232E-BE61-45FA-96BB-700349EFF048}) (Version: 3.04 - Lindy)
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.40.0.0 - Ascaron Entertainment)
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{A7825894-390D-4BBB-9EDC-C829F8B2C271}) (Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (HKLM-x32\...\{DA120551-51CE-3195-8F9E-93D822F61597}) (Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (HKLM-x32\...\{E80D368A-7860-33B0-AD3C-4C94D8023141}) (Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (HKLM-x32\...\{D1B56A67-E132-39BB-8250-BE265061B712}) (Version: 1.0.0.0 - MAGIX AG)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SiSoftware Sandra Lite 2013.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.29.2013.3 - SiSoftware)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase LE 4 (HKLM-x32\...\{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}) (Version: 4.0.3.2233 - Steinberg Media Technologies GmbH)
Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.5 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Syncrosoft Lizenz Kontrolle (HKLM-x32\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Toontrack solo 64 bit (HKLM\...\{FA9D0D8C-FDD1-45C2-8291-079FBA72D2CB}) (Version: 1.3.1 - Toontrack)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VidCoder 1.3.4 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.3.4 - RandomEngy)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano Update (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ Update (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WiMP 2.5.0 (HKLM-x32\...\com.aspiro.wimp.de.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1) (Version: 2.5.0 - Aspiro AS)
WiMP 2.5.0 (x32 Version: 2.5.0 - Aspiro AS) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{BD21DB89-00D4-4D6D-9614-E35A5DE792C6}) (Version: 1.7.1 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.7.1 - Yamaha Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Max\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1865603631-1092788096-2546801250-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-07-2014 20:22:38 Windows Update
23-07-2014 21:36:55 Windows Update
28-07-2014 19:45:41 Installiert Yamaha Steinberg USB Driver
29-07-2014 20:26:22 Windows Update
01-08-2014 05:15:15 Windows Update
02-08-2014 04:12:46 Windows Update
06-08-2014 05:18:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {123B44FD-9C7A-46D5-98FF-B6FF20D67870} - System32\Tasks\ShouldIRemoveIt => C:\Users\Max\AppData\Roaming\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-02-08] (Reason Software Company Inc.)
Task: {1B7A9B73-03FB-4771-9EE8-F688E2B15095} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-19] (Microsoft Corporation)
Task: {27F2EFCA-EF48-4CDD-A9FD-135FB62E61DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {91C0971E-5FB1-45E4-853E-11532EF256C9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: {A830CE69-F3FF-47F5-9AFD-6D42790EF177} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-19] (Microsoft Corporation)
Task: {B1084A38-5AD0-4DC3-817C-07B135AC267F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-16 08:13 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-12 08:46 - 2014-06-12 07:29 - 08212480 _____ () C:\Users\Max\AppData\Roaming\Copy\overlay\Brt.dll
2014-02-04 16:27 - 2014-08-04 21:13 - 02092544 _____ () C:\Users\Max\AppData\Roaming\Copy\Gui.dll
2014-02-04 16:43 - 2014-08-04 21:13 - 08212480 _____ () C:\Users\Max\AppData\Roaming\Copy\Brt.dll
2014-02-04 16:29 - 2014-08-04 21:13 - 09222656 _____ () C:\Users\Max\AppData\Roaming\Copy\AgentSync.dll
2014-02-04 16:27 - 2014-08-04 21:13 - 05329920 _____ () C:\Users\Max\AppData\Roaming\Copy\CloudSync.dll
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-07 19:09 - 2014-08-07 19:09 - 00043008 _____ () c:\users\max\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprdpjlr.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-30 07:54 - 2014-07-30 07:54 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Max^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2014 07:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9e4

Startzeit: 01cfb25a918d3b46

Endzeit: 12964

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 75d7fbee-1e54-11e4-9b47-e0cb4e197ea5

Error: (08/07/2014 07:42:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm sidebar.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 874

Startzeit: 01cfb2024d03a44d

Endzeit: 0

Anwendungspfad: C:\Program Files\Windows Sidebar\sidebar.exe

Berichts-ID: 9111a705-1df5-11e4-8aca-e0cb4e197ea5

Error: (08/06/2014 10:48:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5f0

Startzeit: 01cfb1b750b2f796

Endzeit: 18237

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: fa621d46-1daa-11e4-bce2-e0cb4e197ea5

Error: (08/06/2014 10:37:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 978

Startzeit: 01cfb1b5e459c325

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 6bf39194-1da9-11e4-8238-e0cb4e197ea5

Error: (08/04/2014 10:35:11 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/03/2014 10:03:42 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/02/2014 03:28:10 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/01/2014 05:29:07 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (07/31/2014 08:27:47 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (07/30/2014 08:26:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.


System errors:
=============
Error: (08/07/2014 07:10:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.

Error: (08/07/2014 06:46:38 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (08/07/2014 06:34:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Hub Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/07/2014 06:20:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/07/2014 06:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/07/2014 06:19:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.

Error: (08/07/2014 06:15:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Server" wurde nicht richtig gestartet.

Error: (08/07/2014 06:11:27 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (08/07/2014 07:45:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.

Error: (08/07/2014 07:41:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Server" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (08/07/2014 07:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175149e401cfb25a918d3b4612964C:\Windows\Explorer.EXE75d7fbee-1e54-11e4-9b47-e0cb4e197ea5

Error: (08/07/2014 07:42:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: sidebar.exe6.1.7601.1751487401cfb2024d03a44d0C:\Program Files\Windows Sidebar\sidebar.exe9111a705-1df5-11e4-8aca-e0cb4e197ea5

Error: (08/06/2014 10:48:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.175145f001cfb1b750b2f79618237C:\Windows\explorer.exefa621d46-1daa-11e4-bce2-e0cb4e197ea5

Error: (08/06/2014 10:37:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1751497801cfb1b5e459c3250C:\Windows\Explorer.EXE6bf39194-1da9-11e4-8238-e0cb4e197ea5

Error: (08/04/2014 10:35:11 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2

Error: (08/03/2014 10:03:42 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2

Error: (08/02/2014 03:28:10 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2

Error: (08/01/2014 05:29:07 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2

Error: (07/31/2014 08:27:47 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2

Error: (07/30/2014 08:26:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifestc:\program files (x86)\outlook backup assistant\AddIn\adxloader.dll.Manifest2


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 6135.11 MB
Available physical RAM: 3798.9 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 9775.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:238.47 GB) (Free:70.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:465.62 GB) NTFS
Drive e: (Backup) (Fixed) (Total:488.28 GB) (Free:254.52 GB) NTFS
Drive f: (Filme) (Fixed) (Total:465.75 GB) (Free:74.64 GB) NTFS
Drive g: (Stuff) (Fixed) (Total:443.23 GB) (Free:122.7 GB) NTFS
Drive h: (Storage) (Fixed) (Total:931.51 GB) (Free:302.5 GB) NTFS
Drive i: (YE968B0) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 28A1826A)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E1331ECC)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E1331ECD)
Partition 1: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1D86F4CE)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I had to attach the Malwarebytes log to the thread because it no longer fit within the character limit.


Right, that should be everything.
Many, many thanks for the help!

Regards, and have a nice evening,
Max
Attached files
File type: txt malwarebytes.txt (24.5 KB, viewed 115 times)

07.08.2014, 19:40   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

which disk was formatted? The one with Windows on it?

07.08.2014, 19:41   #3
Deadwing

Hi, no, it was a data partition. I split a data disk into 2 partitions and only one of them was formatted.

08.08.2014, 16:22   #4
schrauber
/// the machine
/// TB-Ausbilder

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.08.2014, 22:47   #5
Deadwing

Hi, many thanks for the reply.
Here are the requested logs:

ADW:

Code:
ATTFilter
# AdwCleaner v3.303 - Bericht erstellt am 08/08/2014 um 15:21:40
# Aktualisiert 06/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Max - MAX-PC
# Gestartet von : C:\Users\Max\Downloads\adwcleaner_3.303.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\FoxTab
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\c0m4bv2z.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\invalidprefs.js
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\searchplugins\Startsear.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\user.js
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\c0m4bv2z.default\user.js
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKCU\Software\92dfdfe56eec43
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Babylon
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6p45kniy.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search (powered by Google)");
Zeile gelöscht : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n  <replacements>\n    <replacement>\n      <key><![CDATA[__REGION__PLACEHOLDER__]]></key>\n      <v[...]
Zeile gelöscht : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,{DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.4,{dc572301-7619-498c-a57d-[...]
Zeile gelöscht : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.webbooster@iminent.com.install-event-fired", true);
Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1266964806208");

[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\c0m4bv2z.default\prefs.js ]


[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.id", "b416ab02000000000000e0cb4e197ea5");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15748");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.014:04:36");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[R0].txt - [5635 octets] - [08/08/2014 15:20:16]
AdwCleaner[S0].txt - [5510 octets] - [08/08/2014 15:21:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5570 octets] ##########
         
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Max on 08.08.2014 at 23:41:07,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1865603631-1092788096-2546801250-1001\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\chromehplog.txt"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\Max\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\i1zg6oxg.default\extensions\staged
Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\i1zg6oxg.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.08.2014 at 23:43:00,35
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
New FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Max (administrator) on MAX-PC on 08-08-2014 23:44:22
Running from C:\Users\Max\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Barracuda Networks, Inc.) C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-04] (Glarysoft Ltd)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91CEEDA11709CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\ich@maltegoetz.de [2014-07-09]
FF Extension: WOT - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-07]
FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: ImageHost Grabber - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013-02-12]
FF Extension: Ghostery - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\firefox@ghostery.com.xpi [2014-08-07]
FF Extension: Google Translator for Firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\translator@zoli.bod.xpi [2013-02-12]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-12]
FF Extension: Tab Mix Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-12]
FF Extension: DownThemAll! - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-12]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Max\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-07] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation)
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt
2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log
2014-08-08 15:20 - 2014-08-08 15:21 - 00000000 ____D () C:\AdwCleaner
2014-08-08 15:19 - 2014-08-08 15:20 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe
2014-08-08 07:33 - 2014-08-08 07:38 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 07:33 - 2014-08-08 07:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 07:29 - 2014-08-08 23:40 - 00000392 _____ () C:\Windows\setupact.log
2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-07 22:05 - 2014-08-08 23:40 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-07 22:05 - 2014-08-08 07:29 - 00000000 ____D () C:\Users\Max\AppData\Roaming\DiskDefrag
2014-08-07 22:05 - 2014-08-07 22:06 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-08-07 22:05 - 2014-08-07 22:06 - 00002618 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-07 22:05 - 2014-08-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe
2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft
2014-08-07 22:05 - 2014-08-04 03:42 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-07 22:05 - 2014-07-18 09:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe
2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg
2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 20:12 - 2014-08-07 20:12 - 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt
2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log
2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe
2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt
2014-08-07 19:42 - 2014-08-08 23:44 - 00017367 _____ () C:\Users\Max\Downloads\FRST.txt
2014-08-07 19:42 - 2014-08-08 23:44 - 00000000 ____D () C:\FRST
2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log
2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv
2014-08-07 18:40 - 2014-08-07 18:42 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239
2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_
2014-08-07 18:20 - 2014-08-07 18:30 - 00000000 ____D () C:\Program Files\stinger
2014-08-07 07:23 - 2014-08-08 23:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 07:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8
2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a
2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon
2014-08-03 09:46 - 2013-10-21 12:26 - 00025504 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2014-08-01 07:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 07:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 07:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 07:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 07:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 07:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg
2014-07-30 07:54 - 2014-08-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-25 19:08 - 2014-07-27 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-09 07:25 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:25 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:25 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:25 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:25 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 07:25 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:25 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:25 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 07:25 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 07:25 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 07:25 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:25 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 07:25 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:25 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:25 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 07:25 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 07:25 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:25 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:25 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:25 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 07:25 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 07:25 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 07:25 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:25 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:25 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:25 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:25 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 07:25 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 07:25 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 07:25 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 07:25 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:25 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:25 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 07:25 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 07:25 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:25 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 07:25 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 07:25 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 07:25 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 07:25 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:25 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 07:25 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 07:25 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:25 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:25 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:25 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:25 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:25 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:25 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 07:25 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:25 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:25 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:25 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:25 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:25 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:25 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:25 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:25 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:25 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:25 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:25 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:25 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:25 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 07:25 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 07:25 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 23:44 - 2014-08-07 19:42 - 00017367 _____ () C:\Users\Max\Downloads\FRST.txt
2014-08-08 23:44 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST
2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt
2014-08-08 23:41 - 2014-08-07 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 23:41 - 2014-05-26 07:29 - 00005120 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC
2014-08-08 23:41 - 2014-03-12 08:46 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Copy
2014-08-08 23:40 - 2014-08-08 07:29 - 00000392 _____ () C:\Windows\setupact.log
2014-08-08 23:40 - 2014-08-07 22:05 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-08 23:40 - 2013-02-12 14:39 - 00000000 ___RD () C:\Users\Max\Dropbox
2014-08-08 23:40 - 2013-02-12 14:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Dropbox
2014-08-08 23:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 23:39 - 2013-02-12 13:30 - 02073883 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 22:53 - 2013-02-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 15:31 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 15:31 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 15:28 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 15:28 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-08-08 15:28 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log
2014-08-08 15:21 - 2014-08-08 15:20 - 00000000 ____D () C:\AdwCleaner
2014-08-08 15:20 - 2014-08-08 15:19 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe
2014-08-08 07:48 - 2013-02-13 11:30 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc
2014-08-08 07:38 - 2014-08-08 07:33 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 07:38 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 07:33 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Avira
2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 07:29 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\DiskDefrag
2014-08-07 22:46 - 2013-02-12 15:07 - 00000000 ____D () C:\Users\Max\Downloads\JDownloader
2014-08-07 22:13 - 2013-02-14 16:46 - 00000000 ____D () C:\Users\Max\Downloads\Musik
2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-07 22:06 - 2014-08-07 22:05 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-08-07 22:06 - 2014-08-07 22:05 - 00002618 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-07 22:06 - 2014-08-07 22:05 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe
2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft
2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe
2014-08-07 21:24 - 2013-02-12 14:39 - 00122464 _____ () C:\Users\Max\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-07 21:24 - 2009-07-14 06:45 - 03056152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-07 20:58 - 2013-12-08 19:22 - 00000000 ____D () C:\Program Files (x86)\Pixum
2014-08-07 20:57 - 2014-02-17 20:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Google
2014-08-07 20:57 - 2014-02-17 20:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg
2014-08-07 20:52 - 2013-02-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-07 20:52 - 2013-02-12 13:26 - 00000000 ____D () C:\Windows\Panther
2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 20:12 - 2014-08-07 20:12 - 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt
2014-08-07 19:58 - 2013-02-12 14:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log
2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe
2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt
2014-08-07 19:42 - 2014-08-07 19:42 - 02094080 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log
2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable
2014-08-07 19:39 - 2013-02-12 13:34 - 00000000 ____D () C:\Users\Max
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2014-08-07 19:18 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv
2014-08-07 18:42 - 2014-08-07 18:40 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239
2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_
2014-08-07 18:30 - 2014-08-07 18:20 - 00000000 ____D () C:\Program Files\stinger
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Malwarebytes
2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 23:45 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8
2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a
2014-08-06 23:26 - 2013-12-20 15:05 - 13144064 _____ () C:\Users\Max\AppData\Roaming\Sandra.mdb
2014-08-06 22:45 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Max\OneDrive
2014-08-06 22:45 - 2014-03-06 00:17 - 00002198 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-06 07:34 - 2013-02-12 15:06 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-04 03:42 - 2014-08-07 22:05 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon
2014-08-01 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-30 22:23 - 2013-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-27 20:20 - 2014-07-25 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 20:20 - 2014-05-01 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2014-07-24 16:18 - 2013-05-08 07:13 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 23:38 - 2013-04-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 21:13 - 2013-02-12 14:39 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 07:21 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Max\AppData\Local\Adobe
2014-07-18 09:11 - 2014-08-07 22:05 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-09 17:44 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 08:17 - 2013-08-14 08:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 08:16 - 2013-02-13 17:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8exgan.dll
C:\Users\Max\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 08:44

==================== End Of Log ============================
         
--- --- ---


Regards
Max


Alt 09.08.2014, 14:30   #6
schrauber
/// the machine
/// TB trainer
 

ESET Online Scanner

  • Illustrated instructions for ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?

Alt 09.08.2014, 22:32   #7
Deadwing
 

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e58592392a36764ea274391cc4793bfc
# engine=19578
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-09 06:44:51
# local_time=2014-08-09 08:44:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 4265 46941370 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 41318 159239741 0 0
# scanned=363893
# found=7
# cleaned=0
# scan_time=4057
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=F9DA58E7940D1A7FA8583D165D6505B2C721B517 ft=1 fh=b5d37b2c1061e27d vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Wichtige Programme\xxxxx\FreeFileSync_5.11_setup.exe"
sh=E158071CD7B4A083315C36A43A9C7884112B7197 ft=1 fh=bf17d7ab9c277b30 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Wichtige Programme\xxxxx\FreeFileSync_5.12_setup.exe"
sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Wichtige Programme\xxxxx\Unlocker1.9.1-x64.exe"
         
Checkup:
Code:
 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by Max (administrator) on MAX-PC on 09-08-2014 23:30:12
Running from C:\Users\Max\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Barracuda Networks, Inc.) C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Oracle Corporation) C:\Program Files (x86)\JDownloader\jre\bin\javaw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [SkyDrive] => C:\Users\Max\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-06] (Microsoft Corporation)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [Copy] => C:\Users\Max\AppData\Roaming\Copy\CopyAgent.exe [15367824 2014-08-04] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-04] (Glarysoft Ltd)
HKU\S-1-5-21-1865603631-1092788096-2546801250-1001\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Max\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x91CEEDA11709CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\ich@maltegoetz.de [2014-07-09]
FF Extension: No Name - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\staged [2014-08-09]
FF Extension: WOT - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-07]
FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: ImageHost Grabber - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2013-02-12]
FF Extension: Ghostery - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\firefox@ghostery.com.xpi [2014-08-07]
FF Extension: Google Translator for Firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\translator@zoli.bod.xpi [2013-02-12]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-12]
FF Extension: Tab Mix Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-12]
FF Extension: DownThemAll! - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\i1zg6oxg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-12]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Max\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [68760 2009-02-04] (SiSoftware) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-07] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [110952 2012-09-27] (Yamaha Corporation)
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 23:30 - 2014-08-09 23:30 - 00000000 ____D () C:\Users\Max\Downloads\FRST-OlderVersion
2014-08-09 23:27 - 2014-08-09 23:27 - 00854410 _____ () C:\Users\Max\Downloads\SecurityCheck.exe
2014-08-09 19:34 - 2014-08-09 19:34 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_deu.exe
2014-08-09 19:34 - 2014-08-09 19:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-09 09:25 - 2014-08-09 09:30 - 481022452 _____ () C:\Users\Max\Downloads\BL2014-07-14.rar
2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt
2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log
2014-08-08 15:20 - 2014-08-08 15:21 - 00000000 ____D () C:\AdwCleaner
2014-08-08 15:19 - 2014-08-08 15:20 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe
2014-08-08 07:33 - 2014-08-08 07:38 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 07:33 - 2014-08-08 07:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 07:29 - 2014-08-09 19:30 - 00000672 _____ () C:\Windows\setupact.log
2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-07 22:05 - 2014-08-09 19:30 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-07 22:05 - 2014-08-08 07:29 - 00000000 ____D () C:\Users\Max\AppData\Roaming\DiskDefrag
2014-08-07 22:05 - 2014-08-07 22:06 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-08-07 22:05 - 2014-08-07 22:06 - 00002618 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-07 22:05 - 2014-08-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe
2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft
2014-08-07 22:05 - 2014-08-04 03:42 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-07 22:05 - 2014-07-18 09:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe
2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg
2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 20:12 - 2014-08-07 20:12 - 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt
2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log
2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe
2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt
2014-08-07 19:42 - 2014-08-09 23:30 - 02093568 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-08-07 19:42 - 2014-08-09 23:30 - 00017422 _____ () C:\Users\Max\Downloads\FRST.txt
2014-08-07 19:42 - 2014-08-09 23:30 - 00000000 ____D () C:\FRST
2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log
2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv
2014-08-07 18:40 - 2014-08-07 18:42 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239
2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_
2014-08-07 18:20 - 2014-08-07 18:30 - 00000000 ____D () C:\Program Files\stinger
2014-08-07 07:23 - 2014-08-09 21:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 07:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8
2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a
2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon
2014-08-03 09:46 - 2013-10-21 12:26 - 00025504 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2014-08-01 07:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 07:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 07:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 07:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 07:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 07:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 07:15 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 07:15 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg
2014-07-30 07:54 - 2014-08-07 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-25 19:08 - 2014-07-27 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 23:30 - 2014-08-09 23:30 - 00000000 ____D () C:\Users\Max\Downloads\FRST-OlderVersion
2014-08-09 23:30 - 2014-08-07 19:42 - 02093568 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-08-09 23:30 - 2014-08-07 19:42 - 00017422 _____ () C:\Users\Max\Downloads\FRST.txt
2014-08-09 23:30 - 2014-08-07 19:42 - 00000000 ____D () C:\FRST
2014-08-09 23:27 - 2014-08-09 23:27 - 00854410 _____ () C:\Users\Max\Downloads\SecurityCheck.exe
2014-08-09 23:25 - 2014-03-12 08:46 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Copy
2014-08-09 23:01 - 2013-02-12 13:30 - 01083839 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 22:53 - 2013-02-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 21:57 - 2014-08-07 07:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 21:39 - 2014-05-26 07:29 - 00005120 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Max-PC-Max Max-PC
2014-08-09 20:15 - 2013-02-12 15:07 - 00000000 ____D () C:\Users\Max\Downloads\JDownloader
2014-08-09 20:00 - 2013-02-12 15:06 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-08-09 19:45 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-08-09 19:45 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-08-09 19:45 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 19:38 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 19:38 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 19:34 - 2014-08-09 19:34 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_deu.exe
2014-08-09 19:34 - 2014-08-09 19:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-09 19:30 - 2014-08-08 07:29 - 00000672 _____ () C:\Windows\setupact.log
2014-08-09 19:30 - 2014-08-07 22:05 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-09 19:30 - 2013-02-12 14:39 - 00000000 ___RD () C:\Users\Max\Dropbox
2014-08-09 19:30 - 2013-02-12 14:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Dropbox
2014-08-09 19:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 09:34 - 2013-02-13 11:30 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc
2014-08-09 09:30 - 2014-08-09 09:25 - 481022452 _____ () C:\Users\Max\Downloads\BL2014-07-14.rar
2014-08-08 23:43 - 2014-08-08 23:43 - 00001383 _____ () C:\Users\Max\Desktop\JRT.txt
2014-08-08 23:37 - 2014-08-08 23:37 - 01016261 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2014-08-08 23:37 - 2014-08-08 23:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 15:23 - 2014-08-08 15:23 - 00000306 _____ () C:\Windows\PFRO.log
2014-08-08 15:21 - 2014-08-08 15:20 - 00000000 ____D () C:\AdwCleaner
2014-08-08 15:20 - 2014-08-08 15:19 - 01475072 _____ () C:\Users\Max\Downloads\adwcleaner_3.303.exe
2014-08-08 07:38 - 2014-08-08 07:33 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 07:38 - 2014-08-08 07:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 07:38 - 2013-02-12 14:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 07:33 - 2013-02-12 14:30 - 00000000 ____D () C:\ProgramData\Avira
2014-08-08 07:29 - 2014-08-08 07:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 07:29 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\DiskDefrag
2014-08-07 22:13 - 2013-02-14 16:46 - 00000000 ____D () C:\Users\Max\Downloads\Musik
2014-08-07 22:06 - 2014-08-07 22:06 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00001091 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-07 22:06 - 2014-08-07 22:06 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-07 22:06 - 2014-08-07 22:05 - 00002964 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-08-07 22:06 - 2014-08-07 22:05 - 00002618 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-07 22:06 - 2014-08-07 22:05 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-07 22:05 - 2014-08-07 22:05 - 14416304 _____ () C:\Users\Max\Downloads\Glary_Utilities_v5.5.0.12.exe
2014-08-07 22:05 - 2014-08-07 22:05 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-07 22:05 - 2014-08-07 22:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\GlarySoft
2014-08-07 22:04 - 2014-08-07 22:04 - 06685392 _____ (Glarysoft Ltd ) C:\Users\Max\Downloads\gusetup_slim_2.56.exe
2014-08-07 21:24 - 2013-02-12 14:39 - 00122464 _____ () C:\Users\Max\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-07 21:24 - 2009-07-14 06:45 - 03056152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-07 20:58 - 2013-12-08 19:22 - 00000000 ____D () C:\Program Files (x86)\Pixum
2014-08-07 20:57 - 2014-02-17 20:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Google
2014-08-07 20:57 - 2014-02-17 20:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-07 20:53 - 2014-08-07 20:53 - 00225980 _____ () C:\Users\Max\Documents\cc_20140807_205320.reg
2014-08-07 20:52 - 2013-02-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-07 20:52 - 2013-02-12 13:26 - 00000000 ____D () C:\Windows\Panther
2014-08-07 20:51 - 2014-08-07 20:51 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-07 20:51 - 2014-08-07 20:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 20:12 - 2014-08-07 20:12 - 00025078 _____ () C:\Users\Max\Downloads\malwarebytes.txt
2014-08-07 19:58 - 2013-02-12 14:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-07 19:54 - 2014-08-07 19:54 - 00009648 _____ () C:\Users\Max\Downloads\gmer_log.log
2014-08-07 19:48 - 2014-08-07 19:48 - 00380416 _____ () C:\Users\Max\Downloads\Gmer-19357.exe
2014-08-07 19:43 - 2014-08-07 19:43 - 00046491 _____ () C:\Users\Max\Downloads\Addition.txt
2014-08-07 19:39 - 2014-08-07 19:39 - 00000468 _____ () C:\Users\Max\Downloads\defogger_disable.log
2014-08-07 19:39 - 2014-08-07 19:39 - 00000000 _____ () C:\Users\Max\defogger_reenable
2014-08-07 19:39 - 2013-02-12 13:34 - 00000000 ____D () C:\Users\Max
2014-08-07 19:37 - 2014-08-07 19:37 - 00050477 _____ () C:\Users\Max\Downloads\Defogger.exe
2014-08-07 19:18 - 2014-07-30 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-07 18:43 - 2014-08-07 18:43 - 15395992 _____ () C:\Users\Max\Documents\Firefox 31.0 (x86 de) - 2014-08-07.pcv
2014-08-07 18:42 - 2014-08-07 18:40 - 859082644 _____ () C:\Users\Max\Documents\Thunderbird 24.6.0 (de) - 2014-08-07.pcv
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-08-07 18:39 - 2014-08-07 18:39 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieUserList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 __SHD () C:\Users\Max\AppData\Local\EmieSiteList
2014-08-07 18:34 - 2014-08-07 18:34 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp39cf8f633f2440044789837d05ee0239
2014-08-07 18:31 - 2014-08-07 18:31 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a_
2014-08-07 18:30 - 2014-08-07 18:20 - 00000000 ____D () C:\Program Files\stinger
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2014-08-07 07:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Malwarebytes
2014-08-07 07:23 - 2013-02-13 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 23:45 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-06 23:40 - 2014-08-06 23:40 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp6408311ee7e6ba9fca037d7cfc7c84a8
2014-08-06 23:37 - 2014-08-06 23:37 - 00000001 _____ () C:\Users\Max\AppData\Local\llftool.4.12.agreement
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\ChromeExtensions
2014-08-06 23:37 - 2014-08-06 23:37 - 00000000 ____D () C:\Users\Max\AppData\Local\Temp1f9c7d65fab276adced4fc8d5b4dc46a
2014-08-06 23:26 - 2013-12-20 15:05 - 13144064 _____ () C:\Users\Max\AppData\Roaming\Sandra.mdb
2014-08-06 22:45 - 2014-03-06 00:18 - 00000000 ___RD () C:\Users\Max\OneDrive
2014-08-06 22:45 - 2014-03-06 00:17 - 00002198 _____ () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-04 03:42 - 2014-08-07 22:05 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-03 09:46 - 2014-08-03 09:46 - 00000821 _____ () C:\Users\Max\Desktop\LatencyMon.lnk
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2014-08-03 09:46 - 2014-08-03 09:46 - 00000000 ____D () C:\Program Files\LatencyMon
2014-08-01 17:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-30 22:23 - 2013-02-12 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 08:01 - 2014-07-30 08:01 - 00007605 _____ () C:\Users\Max\AppData\Local\Resmon.ResmonCfg
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Users\Max\AppData\Local\Downloaded Installations
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-07-28 21:45 - 2014-07-28 21:45 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-07-27 20:20 - 2014-07-25 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 20:20 - 2014-05-01 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2014-07-24 16:18 - 2013-05-08 07:13 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 07:21 - 2013-04-13 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 23:38 - 2013-04-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 21:13 - 2013-02-12 14:39 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 07:21 - 2014-07-05 15:43 - 00000000 ____D () C:\Users\Max\AppData\Local\Adobe
2014-07-18 09:11 - 2014-08-07 22:05 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys

Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk9akcx.dll
C:\Users\Max\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 08:44

==================== End Of Log ============================
         
--- --- ---


I can't say much about the problems now. It feels like everything is running faster again. What caused the phenomenon I described? Did I have malware on the machine that causes something like that?

Thank you in any case for the fast and competent help!

Regards
Max

Alt 10.08.2014, 08:31   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Lots of adware.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 11.08.2014, 13:52   #9
Deadwing
 



Hello Schrauber,

all done! I hope no damage remains, because the boot process still takes longer than usual (although not quite as long as at the beginning).

Many thanks so far and have a nice evening, regards
Max

And I think I have found the reason:
could it be that the MWB resident delays loading at startup?
I switched it off and now it runs like before....

Alt 11.08.2014, 21:15   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Possible
__________________
Regards,
schrauber

