
Log analysis and evaluation: Windows 7: 30 detections mbam, 2 detections avira

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.08.2014, 18:09   #1
Computernixv
 

FRST log


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
Ran by Josef (administrator) on KURTMARKO-PC on 23-08-2014 15:25:53
Running from C:\Users\Josef\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerMsg.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\user.js
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 HubService; C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [536576 2014-07-30] () [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe [3571360 2014-08-13] (Iminent)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 15:25 - 2014-08-23 15:27 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-23 14:04 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 15:27 - 2014-08-23 15:25 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:26 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:21 - 2011-07-15 23:45 - 01394773 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 15:19 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 15:15 - 2013-09-09 22:49 - 00045771 _____ () C:\Windows\setupact.log
2014-08-23 15:15 - 2011-09-23 19:10 - 02449275 _____ () C:\Windows\system32\oodbs.lor
2014-08-23 15:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-23 15:07 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 15:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 14:49 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 14:04 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-23 14:04 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-22 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-21 10:03 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 20:54 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 11:25 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 11:25 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 11:25 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2013-09-09 22:48 - 00265306 _____ () C:\Windows\PFRO.log
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael
2014-07-25 16:52 - 2014-08-13 21:27 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 21:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 21:27 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 21:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:28 - 2014-08-13 21:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 21:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 21:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 21:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 21:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 21:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 21:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 21:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 21:27 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 21:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 21:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:28 - 2014-08-13 21:27 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:21 - 2014-08-13 21:27 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 21:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 21:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 21:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:17 - 2014-08-13 21:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:12 - 2014-08-13 21:27 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 21:28 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 21:27 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 21:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 21:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 21:27 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 21:27 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 21:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 21:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 21:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 21:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 21:27 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 21:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 21:27 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 21:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 21:27 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 21:27 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 21:27 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 21:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 21:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 21:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 21:28 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe
2014-07-24 17:50 - 2014-06-18 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:50 - 2012-10-14 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 15:42 - 2013-03-14 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 15:21 - 2013-09-14 15:41 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 13:50 - 2011-06-26 11:34 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-24 10:59 - 2010-05-17 13:14 - 00000000 ____D () C:\Windows\PCHEALTH

Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 12:03

==================== End Of Log ============================
         

23.08.2014, 18:15   #2
Computernixv

Windows 7: 30 detections mbam, 2 detections avira



FRST additional

Code:
t version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerMsg.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\user.js
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 HubService; C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [536576 2014-07-30] () [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe [3571360 2014-08-13] (Iminent)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 15:25 - 2014-08-23 15:27 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-23 14:04 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 15:27 - 2014-08-23 15:25 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:26 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:21 - 2011-07-15 23:45 - 01394773 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 15:19 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 15:15 - 2013-09-09 22:49 - 00045771 _____ () C:\Windows\setupact.log
2014-08-23 15:15 - 2011-09-23 19:10 - 02449275 _____ () C:\Windows\system32\oodbs.lor
2014-08-23 15:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-23 15:07 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 15:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 14:49 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 14:04 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-23 14:04 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-22 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-21 10:03 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 20:54 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 11:25 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 11:25 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 11:25 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2013-09-09 22:48 - 00265306 _____ () C:\Windows\PFRO.log
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael
2014-07-25 16:52 - 2014-08-13 21:27 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 21:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 21:27 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 21:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:28 - 2014-08-13 21:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 21:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 21:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 21:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 21:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 21:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 21:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 21:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 21:27 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 21:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 21:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:28 - 2014-08-13 21:27 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:21 - 2014-08-13 21:27 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 21:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 21:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 21:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:17 - 2014-08-13 21:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:12 - 2014-08-13 21:27 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 21:28 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 21:27 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 21:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 21:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 21:27 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 21:27 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 21:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 21:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 21:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 21:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 21:27 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 21:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 21:27 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 21:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 21:27 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 21:27 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 21:27 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 21:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 21:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 21:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 21:28 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe
2014-07-24 17:50 - 2014-06-18 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:50 - 2012-10-14 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 15:42 - 2013-03-14 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 15:21 - 2013-09-14 15:41 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 13:50 - 2011-06-26 11:34 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-24 10:59 - 2010-05-17 13:14 - 00000000 ____D () C:\Windows\PCHEALTH

Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 12:03

==================== End Of Log ============================
         

GMER


Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-23 18:44:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Josef\AppData\Local\Temp\awddauoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                            fffff800037f0000 45 bytes [01, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                            fffff800037f002f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000076971465 2 bytes [97, 76]
.text     C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[1480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[1480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4240] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                      0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4240] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                     00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                                                           * 2

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:2540]                                                                                                000007fef9f52bf8
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:3196]                                                                                                000007fef1344830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:2500]                                                                                                000007fef1344830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:2548]                                                                                                000007fef1344830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:1388]                                                                                                000007fef6685124
---- Processes - GMER 2.1 ----

Process   C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe (*** suspicious ***) @ C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [2008](2014-                         0000000000400000
Library   C:\Users\Josef\AppData\Roaming\Hub Timer\sub\default.dll (*** suspicious ***) @ C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [2008](2014-08-05 07:36:30)  0000000003050000

---- EOF - GMER 2.1 ----
         
AVIRA

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 22. August 2014  19:26


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : KURTMARKO-PC

Versionsinformationen:
BUILD.DAT      : 14.0.6.552     92022 Bytes  23.07.2014 13:29:00
AVSCAN.EXE     : 14.0.6.548   1046608 Bytes  06.08.2014 07:07:06
AVSCANRC.DLL   : 14.0.6.522     62544 Bytes  06.08.2014 07:07:06
LUKE.DLL       : 14.0.6.522     57936 Bytes  06.08.2014 07:07:27
AVSCPLR.DLL    : 14.0.6.548     92752 Bytes  06.08.2014 07:07:07
AVREG.DLL      : 14.0.6.522    262224 Bytes  06.08.2014 07:07:04
avlode.dll     : 14.0.6.526    603728 Bytes  06.08.2014 07:07:03
avlode.rdf     : 14.0.4.42      65114 Bytes  17.07.2014 21:49:01
XBV00009.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00010.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00011.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00012.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00013.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00014.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00015.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00016.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00017.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00018.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00019.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00020.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00021.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00067.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00068.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00069.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00070.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00071.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00072.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00073.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00074.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00075.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00076.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00077.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00078.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00079.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00080.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00081.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00082.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00083.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00084.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00085.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00086.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00087.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00088.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00089.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:15
XBV00090.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00091.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00092.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00093.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00094.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00095.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00096.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00097.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00098.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00099.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00100.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00101.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00102.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00103.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00104.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00105.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00106.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00107.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00108.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00109.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00110.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00111.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00112.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00113.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00114.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00115.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00116.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00117.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00118.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00119.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00120.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00121.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00122.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00123.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00124.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00125.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00126.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00127.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00128.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00129.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00130.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00131.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00132.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00133.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00134.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00135.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00136.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00137.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00138.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00139.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00140.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00141.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00142.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00143.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00144.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00145.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00146.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00147.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00148.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00149.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00150.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00151.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00152.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00153.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00154.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00155.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00156.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00157.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00158.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00159.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00160.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00161.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00162.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00163.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00164.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00165.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00166.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00167.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00168.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00169.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00170.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00171.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00172.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00173.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00174.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00175.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00176.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00177.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00178.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00179.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00180.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00181.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00182.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00183.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00184.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00185.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00186.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00187.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00188.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00189.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00190.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00191.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00192.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00193.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00194.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00195.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00196.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00197.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00198.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00199.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00200.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00201.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00202.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00203.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00204.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00205.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00206.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00207.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00208.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00209.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00210.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00211.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00212.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00213.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00214.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00215.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00216.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00217.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00218.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00219.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00220.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00221.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00222.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00223.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00224.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00225.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00226.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00227.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00228.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00229.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00230.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00231.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00232.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00233.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00234.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00235.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00236.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00237.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00238.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00239.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00240.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00241.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00242.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00243.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00244.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00245.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00246.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00247.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00248.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00249.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00250.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00251.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00252.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00253.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00254.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00255.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:26:19
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 13:26:22
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 13:26:24
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 13:26:26
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 13:26:29
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 13:26:35
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 17:17:02
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 17:07:42
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 13:45:06
XBV00042.VDF   : 8.11.167.234  1073152 Bytes  19.08.2014 12:10:14
XBV00043.VDF   : 8.11.167.236     3584 Bytes  19.08.2014 12:10:14
XBV00044.VDF   : 8.11.167.238    17408 Bytes  19.08.2014 18:10:12
XBV00045.VDF   : 8.11.167.242     7168 Bytes  19.08.2014 18:10:12
XBV00046.VDF   : 8.11.167.248     2048 Bytes  19.08.2014 18:10:12
XBV00047.VDF   : 8.11.168.26    19968 Bytes  19.08.2014 18:10:12
XBV00048.VDF   : 8.11.168.44    10240 Bytes  19.08.2014 11:52:32
XBV00049.VDF   : 8.11.168.60     2048 Bytes  19.08.2014 11:52:32
XBV00050.VDF   : 8.11.168.78    27136 Bytes  20.08.2014 11:52:32
XBV00051.VDF   : 8.11.168.80     2048 Bytes  20.08.2014 11:52:32
XBV00052.VDF   : 8.11.168.98    15360 Bytes  20.08.2014 17:51:30
XBV00053.VDF   : 8.11.168.100     2048 Bytes  20.08.2014 17:51:30
XBV00054.VDF   : 8.11.168.116    28160 Bytes  20.08.2014 06:27:29
XBV00055.VDF   : 8.11.168.118     9216 Bytes  20.08.2014 06:27:30
XBV00056.VDF   : 8.11.168.120     4096 Bytes  20.08.2014 06:27:30
XBV00057.VDF   : 8.11.168.124    12800 Bytes  21.08.2014 06:27:30
XBV00058.VDF   : 8.11.168.126    25088 Bytes  21.08.2014 14:36:23
XBV00059.VDF   : 8.11.168.132    33280 Bytes  21.08.2014 06:38:11
XBV00060.VDF   : 8.11.168.134     2048 Bytes  21.08.2014 06:38:11
XBV00061.VDF   : 8.11.168.138    11776 Bytes  21.08.2014 06:38:11
XBV00062.VDF   : 8.11.168.140     3584 Bytes  21.08.2014 06:38:11
XBV00063.VDF   : 8.11.168.158     3584 Bytes  22.08.2014 12:38:26
XBV00064.VDF   : 8.11.168.174     2048 Bytes  22.08.2014 12:38:26
XBV00065.VDF   : 8.11.168.180     5120 Bytes  22.08.2014 12:38:26
XBV00066.VDF   : 8.11.168.220     7168 Bytes  22.08.2014 12:38:26
LOCAL001.VDF   : 8.11.168.220 109023744 Bytes  22.08.2014 12:38:46
Engineversion  : 8.3.24.18 
AEVDF.DLL      : 8.3.1.6       133992 Bytes  20.08.2014 17:51:30
AESCRIPT.DLL   : 8.2.0.18      437104 Bytes  22.08.2014 12:38:26
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 13:38:59
AESBX.DLL      : 8.2.20.24    1409224 Bytes  08.05.2014 17:18:01
AERDL.DLL      : 8.2.0.138     704888 Bytes  02.12.2013 14:05:13
AEPACK.DLL     : 8.4.0.50      792488 Bytes  07.08.2014 13:45:03
AEOFFICE.DLL   : 8.3.0.20      216104 Bytes  14.08.2014 16:00:51
AEHEUR.DLL     : 8.1.4.1240   7433072 Bytes  22.08.2014 12:38:26
AEHELP.DLL     : 8.3.1.0       278728 Bytes  28.05.2014 16:53:50
AEGEN.DLL      : 8.1.7.28      450752 Bytes  06.06.2014 18:33:43
AEEXP.DLL      : 8.4.2.30      247712 Bytes  22.08.2014 12:38:26
AEEMU.DLL      : 8.1.3.4       399264 Bytes  07.08.2014 13:45:01
AEDROID.DLL    : 8.4.2.24      442568 Bytes  04.06.2014 16:55:07
AECORE.DLL     : 8.3.2.6       243712 Bytes  07.08.2014 13:45:01
AEBB.DLL       : 8.1.2.0        60448 Bytes  07.08.2014 13:45:01
AVWINLL.DLL    : 14.0.6.522     24144 Bytes  06.08.2014 07:07:01
AVPREF.DLL     : 14.0.6.522     50256 Bytes  06.08.2014 07:07:04
AVREP.DLL      : 14.0.6.522    219216 Bytes  06.08.2014 07:07:04
AVARKT.DLL     : 14.0.5.368    226384 Bytes  01.07.2014 12:04:40
AVEVTLOG.DLL   : 14.0.6.522    182352 Bytes  06.08.2014 07:07:02
SQLITE3.DLL    : 14.0.6.522    452176 Bytes  06.08.2014 07:07:29
AVSMTP.DLL     : 14.0.6.522     76368 Bytes  06.08.2014 07:07:07
NETNT.DLL      : 14.0.6.522     13392 Bytes  06.08.2014 07:07:27
RCIMAGE.DLL    : 14.0.6.544   4863568 Bytes  06.08.2014 07:07:01
RCTEXT.DLL     : 14.0.6.536     74320 Bytes  06.08.2014 07:07:01

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20140822-191408-543BEC0C.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 22. August 2014  19:26

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library
Versteckter Treiber

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArchiCryptInjector64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'IMGUpdater.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'hub.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFReaderDriverService3x64.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'Umbrella212.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'sua.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'itype.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodtray.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBNotifier.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'MMDx64Fx.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerMsg.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '27650' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
    [0] Archivtyp: OVL
    --> C:\Program Files\Vodafone SmartTabII10\usb\amd64\winusbcoinstaller2.dll
        [1] Archivtyp: RSRC
      --> C:\Program Files\Vodafone SmartTabII10\usb\amd64\WUDFUpdate_01009.dll
          [2] Archivtyp: RSRC
        --> C:\Program Files\Vodafone SmartTabII10\usb\i386\winusbcoinstaller2.dll
            [3] Archivtyp: RSRC
          --> C:\Program Files\Vodafone SmartTabII10\usb\i386\WUDFUpdate_01009.dll
              [4] Archivtyp: RSRC
            --> C:\Program Files (x86)\EgisTec\MyWinLocker 3\HTCA_SelfExtract.bin
                [5] Archivtyp: OVL
              --> C:\Users\Josef\AppData\Roaming\Security Systems\uninstall.exe
                  [6] Archivtyp: ZIP SFX (self extracting)
                --> Setup.exe
                    [FUND]      Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984
                    [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Josef\AppData\Roaming\Security Systems\uninstall.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984

Beginne mit der Desinfektion:
C:\Users\Josef\AppData\Roaming\Security Systems\uninstall.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51a9235a.qua' verschoben!


Ende des Suchlaufs: Samstag, 23. August 2014  14:04
Benötigte Zeit: 18:37:30 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  47689 Verzeichnisse wurden überprüft
 1142386 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1142384 Dateien ohne Befall
  21895 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
     99 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         
MBAM

Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/08/23 14:51:49 +0200</date>
<logfile>mbam-log-2014-08-23 (14-51-48).xml</logfile>
<isadmin>no</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.23.01</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Gast</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>274940</objects>
<time>732</time>
<processes>0</processes>
<modules>0</modules>
<keys>37</keys>
<values>5</values>
<datas>0</datas>
<folders>4</folders>
<files>18</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlobalUpdater</path><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><hash>d82503c65328e74f6bf8a1ef976a758b</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SProtection</path><vendor>PUP.Optional.Iminent</vendor><action>delete-on-reboot</action><hash>0eefbb0e12694ee858a6769dd22f956b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\INPROCSERVER32</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>09f4ac1d92e9dc5a8005802a52b0eb15</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>a4593a8f1f5ce254bdc92a80ae54e020</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>827b8940601b11250d0d75355ea4669a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></key>
<key><path>HKLM\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>8e6feedb0f6c0135c7e51bfbe41f06fa</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>c23baa1f3744bf7731cec27e7a8afe02</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>a954ad1cabd00b2b25bf241033d1857b</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe</path><vendor>PUP.Optional.DataMangr.A</vendor><action>delete-on-reboot</action><hash>936a5c6d502b53e3091a1cd2ad55718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>07f63198e299e5513b71bc5a24df52ae</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>2bd24a7f99e224128c738eb2c93bc040</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>9469d1f89edd52e4eef63103ae569c64</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\IMGUPDATER</path><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><hash>f10c9e2b76051d19a3fe3db9e0225aa6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe</path><vendor>PUP.Optional.DataMangr.A</vendor><action>delete-on-reboot</action><hash>06f78049077466d00d16a846bb4741bf</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\UMBRELLA</path><vendor>PUP.Optional.Umbrella.A</vendor><action>delete-on-reboot</action><hash>feff3f8aa3d895a1e4ad66c7e61ec63a</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\IMGUPDATER</path><valuename>ConfigBlockJSN</valuename><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><valuedata>{
   &quot;MAIN_SWITCH&quot; : true,
   &quot;UPDATABLE&quot; : {
      &quot;064A36CC-4404-42F9-B26E-3BFD515F2447&quot; : {
         &quot;lastupdated&quot; : 0,
         &quot;mindeltatime&quot; : 259200
      },
      &quot;2C200CBA-D536-40C8-902D-9C34FD10AD85&quot; : {
         &quot;lastupdated&quot; : 0,
         &quot;localversion&quot; : &quot;0&quot;,
         &quot;mindeltatime&quot; : 259200
      },
      &quot;4C973056-22D8-488C-A358-AEA00CC2EC7D&quot; : {
         &quot;lastupdated&quot; : 0,
         &quot;mindeltatime&quot; : 259200
      }
   }
}
</valuedata><hash>f10c9e2b76051d19a3fe3db9e0225aa6</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Iminent</valuename><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><valuedata>C:\Program Files (x86)\Iminent\Iminent.exe /warmup &quot;F77F87E5-A6BD-4922-A530-EDF63D7E9F8C&quot;</valuedata><hash>3fbee7e2c3b8b1856c0cd51013ef34cc</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>IminentMessenger</valuename><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><valuedata>C:\Program Files (x86)\Iminent\Iminent.Messengers.exe</valuedata><hash>7b821bae3546ef47b1c8e30258aaba46</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\UMBRELLA</path><valuename>MUpdBlock</valuename><vendor>PUP.Optional.Umbrella.A</vendor><action>delete-on-reboot</action><valuedata>{
   &quot;MASSUPDATE&quot; : {
      &quot;CHROME_MBAR&quot; : {
         &quot;Checked&quot; : 1,
         &quot;RetryIdx&quot; : 0,
         &quot;Version&quot; : 1
      },
      &quot;FIREFOX_MBAR&quot; : {
         &quot;Checked&quot; : 1,
         &quot;RetryIdx&quot; : 0,
         &quot;Version&quot; : 3
      },
      &quot;IEXPLORE_BHO&quot; : {
         &quot;Checked&quot; : 1,
         &quot;RetryIdx&quot; : 0,
         &quot;Version&quot; : 4
      }
   }
}
</valuedata><hash>feff3f8aa3d895a1e4ad66c7e61ec63a</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GLOBALUPDATER</path><valuename>ImagePath</valuename><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><valuedata>C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe</valuedata><hash>4db0a920413aa19584dfef088a78c739</hash></value>
<folder><path>C:\Program Files (x86)\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></folder>
<folder><path>C:\Program Files (x86)\Iminent\inst</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></folder>
<folder><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></folder>
<folder><path>C:\Users\Josef\AppData\Local\Temp\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>f90446836516aa8c555c635a7b87d030</hash></folder>
<file><path>C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe</path><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><hash>d82503c65328e74f6bf8a1ef976a758b</hash></file>
<file><path>C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe</path><vendor>PUP.Optional.Iminent</vendor><action>delete-on-reboot</action><hash>0eefbb0e12694ee858a6769dd22f956b</hash></file>
<file><path>C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></file>
<file><path>C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></file>
<file><path>c:\windows\system32\tasks\browser updater</path><vendor>PUP.Optional.HomeTab.A</vendor><action>delete-on-reboot</action><hash>1ce1e8e1d1aa4ceab329cd25bd459e62</hash></file>
<file><path>C:\Program Files (x86)\Iminent\SearchTheWeb.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\iSearch.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\StartWeb.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\USearch.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\isearch.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\main.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\SearchTheWeb.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Universely.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\CustomActionsIminent.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\MetroConfig.JSON</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\uninstall.exe</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>639a3792d7a4e155164b0623f80ce61a</hash></file>
</items>
</mbam-log>
         
mbam protection

Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="1" datetime="2014-08-23T14:51:41.760427+02:00" source="Manual" type="Update" username="SYSTEM" systemname="KURTMARKO-PC" fromVersion="2014.8.22.5" last_modified_tag="9feb2fd6-0a68-4917-ab43-84df2fbc1adb" name="Malware Database" toVersion="2014.8.23.1"></record>
</logs>
         

Hopefully someone can help me...


24.08.2014, 09:39   #3
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Addition.txt from FRST is still missing.

24.08.2014, 16:00   #4
Computernixv
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
Ran by Josef at 2014-08-23 15:27:42
Running from C:\Users\Josef\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.1.4 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0105.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Active@ ISO Burner (HKLM-x32\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aiseesoft PDF to Word Converter 3.1.8 (HKLM-x32\...\{3CF515C0-55D9-4591-824F-1934352AC10E}_is1) (Version:  - )
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArchiCrypt Live Version 6.7.9.10014 (HKLM-x32\...\ArchiCrypt Live 6_is1) (Version: 6.7.9.10014 - Softwareentwicklung Patric Remus - ArchiCrypt)
ArchiCrypt Passwort Safe Version 5.5.4.2334 (HKLM-x32\...\ACRYSA5_is1) (Version: 5.5.4.2334 - Softwareentwicklung Patric Remus - ArchiCrypt)
ArchiCrypt Shredder Version 5.7.7.5579 (HKLM-x32\...\ACRYSH5_is1) (Version: 5.7.7.5579 - Softwareentwicklung Remus - ArchiCrypt)
Audiobook Cutter Free Edition (HKLM-x32\...\{B4D5287E-762E-4B80-8BA7-09D804BAF786}) (Version: 1.8.1 - Audiobook Software)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP830 MP Drivers (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - )
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
dsdminst (x32 Version: 1.01.0002 - Brother Industries, Ltd.) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - )
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.6 - Gadwin Systems, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
High-Definition Video Playback (x32 Version: 7.3.10800.5.0 - Nero AG) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 7.5.3.1 - Iminent) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 3D 1.5.1 (HKLM-x32\...\{32A9C5B3-D166-4C6D-A11E-A54473151000}) (Version: 1.5.1 - Sun Microsystems, Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.6 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools - DEU (HKLM-x32\...\{E5599ADE-1740-483F-817E-3C3E09C95636}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{803910CC-3A39-45E3-A594-0D5512A60A86}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Kwik Themes 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.6.10000.2.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.6.10000.11.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12600.0.5 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.13000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
NetObjects Fusion 11.0 (HKLM-x32\...\{C4B698E6-8AB4-4B7E-BCF3-03FE66E103BD}) (Version: 11 German - )
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.06 - Deutsche Telekom AG)
Netzmanager (Version: 1.06 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6509 - NewTech Infosystems) Hidden
NuGet (HKLM-x32\...\{BE8DCA37-A15A-4C0B-B601-D18AC34C944D}) (Version: 1.0.20105.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{83FA8348-A625-48F9-BF38-47E91F963930}) (Version: 15.0.83 - O&O Software GmbH)
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-XChange Editor (HKLM-x32\...\{f02eba41-d9bb-4b8d-8682-9288c0802790}) (Version: 5.5.308.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.0 - Tracker Software Products (Canada) Ltd.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QUICKfind (HKLM-x32\...\{593AFFA4-D08E-4272-BABB-420949D32A10}) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedCommander 10 (HKLM-x32\...\SpeedCommander 10) (Version: 10.0 - SpeedProject)
SPR532 SmartCard Reader V1.87 (HKLM-x32\...\{063368C4-1F03-46C7-92A8-9066AF67B372}) (Version: 1.87 - SCM Microsystems Inc.)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney 7.0  (HKLM-x32\...\{A43E4943-4471-4C9F-B2C9-31051DED7387}) (Version: 7.0 - Star Finanz GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
USB PnP Sound Device (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
Vektoris3D 2.0 (HKLM-x32\...\8458-4195-6614-3708) (Version:  - kapieren.de)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3012 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - LENOVO COMPUTER INC. (Mass_Storage_Filter) CDROM  (08/21/2012 6.2.8253.0) (HKLM\...\E8D70804D5C578821BCC929565DE41FEF872C27B) (Version: 08/21/2012 6.2.8253.0 - LENOVO COMPUTER INC.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-07-2014 17:18:05 Windows Update
13-08-2014 18:06:50 Windows Update
13-08-2014 20:42:58 Windows Update
14-08-2014 12:20:51 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019760FD-4CB3-4CA1-9D9E-64FE0B3397F6} - \Software Updater Ui No Task File <==== ATTENTION
Task: {0D8B3372-7EB0-4FD3-A7A5-E6672235968F} - System32\Tasks\Kurt Marko NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-08] (Nero AG)
Task: {13D55EDA-C6A7-4069-816E-445CD4B7E03B} - System32\Tasks\{29275110-6157-4492-8BD3-46D9A4BBE289} => C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2014-08-06] (Avira Operations GmbH & Co. KG)
Task: {1793CD5D-C755-4E4A-8C71-EF7DD43AB043} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20E0F200-8DE9-4C2C-8A52-AC0B0F041082} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {2712B0B8-4333-4D83-B58D-CB9E8AB78B44} - System32\Tasks\Freemium1ClickMaint => C:\Users\Josef\1Click.exe
Task: {365C7539-2EE9-4337-B66F-C1DDD86D8EEB} - System32\Tasks\AdobeAAMUpdater-1.0-KurtMarko-PC-Kurt Marko => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {43EFE5B7-7B37-46EC-ADE8-74FDAAAE93BA} - System32\Tasks\Josef Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe [2011-04-08] (Nero AG)
Task: {617F9670-68CC-4329-9CD1-B59F4B8019A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-13] (Adobe Systems Incorporated)
Task: {64DD0B69-AAEB-4CEB-8AA2-94EF870D8272} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {70C0624C-BECD-4233-8931-BE697446B5FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {7CF56BC2-6072-433A-90E4-001AAA7EC134} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {7D9C3FB5-F842-4343-8C96-D968B56F9DBE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {9F2F77DA-7E82-4DC5-AB97-A9E3E8E585BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AD057EE1-5E55-47D0-83F2-EB57B1872D74} - \Software Updater No Task File <==== ATTENTION
Task: {BB550654-D380-4D28-8C2A-282EA4D85DD3} - System32\Tasks\{EF57B1D4-437B-4A06-8E6E-4AD0D7C8BA43} => C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2014-08-06] (Avira Operations GmbH & Co. KG)
Task: {CAD5BE3A-8F40-41F9-9320-F802911DDA9E} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {E8A3C980-9687-4E06-900B-D6F7A3B5BE11} - System32\Tasks\Josef NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-08] (Nero AG)
Task: {EA927D6C-1E04-4611-A340-E5523BD31B43} - System32\Tasks\{ABC31295-9D6D-4862-ADAB-52F873C15264} => C:\Program Files (x86)\FreeMind\Freemind.exe
Task: {F3ABEB8B-5998-4444-B75B-C5E68EA7DA1C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {FDA46D7A-83E0-4788-AE6A-13385F0487CB} - System32\Tasks\AdobeAAMUpdater-1.0-KurtMarko-PC-Josef => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {FE783D2F-5671-4B1F-8724-5E716F741F49} - System32\Tasks\{9CE0C549-0AE6-4AE6-8CC8-96FD9A6662A9} => C:\Program Files (x86)\FreeMind\Freemind.exe
Task: {FEDECC6D-F643-4712-B3AF-7C0F27AF8D52} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-05 09:36 - 2014-07-30 13:22 - 00536576 _____ () C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe
2011-06-29 09:13 - 2010-04-05 21:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-05 09:36 - 2014-08-05 09:36 - 00374272 _____ () C:\Users\Josef\AppData\Roaming\Hub Timer\sub\default.dll
2010-05-24 17:16 - 2010-05-24 17:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-05-24 17:09 - 2010-05-24 17:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-02-23 05:04 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-08-06 17:15 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Gast\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2011-12-07 20:36 - 2009-10-06 15:36 - 00205312 _____ () C:\Program Files (x86)\StarMoney 7.0\ouservice\PATCHW32.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-03-02 12:40 - 2009-12-24 03:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-19 16:21 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Josef\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-06-18 18:27 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-08-03 11:02 - 2013-08-18 15:36 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll
2014-08-13 21:12 - 2014-08-13 21:12 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13223783

Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13223783

Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569

Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569

Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2014 09:56:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SoftonicDownloader_fuer_gadwin-printscreen.exe, Version 1.41.3.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1190

Startzeit: 01cfbdde609dcfab

Endzeit: 3

Anwendungspfad: C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exe

Berichts-ID: de235809-29d1-11e4-9fc2-705ab6c9791b

Error: (08/22/2014 09:47:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SoftonicDownloader_fuer_gadwin-printscreen.exe, Version 1.41.3.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1614

Startzeit: 01cfbddd0d81dc5f

Endzeit: 5

Anwendungspfad: C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exe

Berichts-ID: 96d4f58b-29d0-11e4-9fc2-705ab6c9791b

Error: (08/21/2014 10:00:51 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.InvalidOperationException: Die Sequenz enthält keine Elemente.
   bei System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
   bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
   bei System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
   bei Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
   bei Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (08/20/2014 08:54:46 PM) (Source: BackItUp5) (EventID: 3374) (User: )
Description: Backup process failed.


System errors:
=============
Error: (08/23/2014 03:18:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ACLE6Live

Error: (08/23/2014 03:17:10 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)

Error: (08/23/2014 03:09:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ACLE6Live

Error: (08/23/2014 03:09:29 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)

Error: (08/23/2014 03:08:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/23/2014 03:08:34 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)

Error: (08/23/2014 02:09:04 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)

Error: (08/23/2014 02:08:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ACLE6Live

Error: (08/23/2014 02:08:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/23/2014 02:08:02 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13223783

Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13223783

Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569

Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569

Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2014 09:56:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftonicDownloader_fuer_gadwin-printscreen.exe1.41.3.9119001cfbdde609dcfab3C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exede235809-29d1-11e4-9fc2-705ab6c9791b

Error: (08/22/2014 09:47:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftonicDownloader_fuer_gadwin-printscreen.exe1.41.3.9161401cfbddd0d81dc5f5C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exe96d4f58b-29d0-11e4-9fc2-705ab6c9791b

Error: (08/21/2014 10:00:51 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.InvalidOperationException: Die Sequenz enthält keine Elemente.
   bei System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
   bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
   bei System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
   bei Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
   bei Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (08/20/2014 08:54:46 PM) (Source: BackItUp5) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 48%
Total physical RAM: 3958.78 MB
Available physical RAM: 2036.38 MB
Total Pagefile: 7915.73 MB
Available Pagefile: 5613.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:584.07 GB) (Free:404.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F3F55134)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 25.08.2014, 11:28   #5
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 25.08.2014, 14:53   #6
Computernixv
 



The first time I ran the program, problems occurred at the end, after or during "Clean" (Löschen), and the program had to be closed. I then ran it again and it ran through cleanly. The log file is from the 2nd run. There was none for the 1st.


Code:
ATTFilter
# AdwCleaner v3.308 - Bericht erstellt am 25/08/2014 um 15:28:16
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Josef - KURTMARKO-PC
# Gestartet von : C:\Users\Josef\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : HubService
Dienst Gelöscht : SProtection

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Common Files\IMGUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Users\Josef\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Josef\AppData\Roaming\Hub Timer
Ordner Gelöscht : C:\Users\Josef\AppData\Roaming\Security Systems
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gelöscht : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_602798\user.js
Datei Gelöscht : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\user.js

***** [ Tasks ] *****

Task Gelöscht : Freemium1ClickMaint
Task Gelöscht : Software Updater Ui
Task Gelöscht : Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6F7E26D7-C6AD-49BE-B48E-A5FCEE221C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B21E5B2D-2AF6-4182-9E8E-1FF00EE3EFD0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\IMGUPDATER
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Umbrella
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6e64ht3s.default\prefs.js ]

Zeile gelöscht : user_pref("iminent.BirthDate", "1408693691");
Zeile gelöscht : user_pref("iminent.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
Zeile gelöscht : user_pref("iminent.adapters", "{\"www.google.de\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"google\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1408693804993864[...]
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.newtabredirect", "false");
Zeile gelöscht : user_pref("iminent.nomsi", "true");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1408711551405");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1408693807057");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent109", "1408711634576");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent111", "1408711634295");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent112", "1408711636750");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent122", "1408711634859");
Zeile gelöscht : user_pref("iminent.searchindex", "1");
Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Zeile gelöscht : user_pref("iminent.version", "8.33.3.1");
Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.33.3.1\",\"InstallEventCTime\":1408693802204,\"InstallEvent\":\"True\"}");

[ Datei : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_602798\prefs.js ]


[ Datei : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\prefs.js ]

Zeile gelöscht : user_pref("iminent.BirthDate", "1408693691");
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.enabledAds", "false");
Zeile gelöscht : user_pref("iminent.newtabredirect", "false");
Zeile gelöscht : user_pref("iminent.nomsi", "true");
Zeile gelöscht : user_pref("iminent.searchindex", "1");

[ Datei : C:\Users\Kurt Marko\AppData\Roaming\Mozilla\Firefox\Profiles\5vub7u1w.default\prefs.js ]

Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.BirthDate", "1408693691");
Zeile gelöscht : user_pref("iminent.searchindex", "1");
Zeile gelöscht : user_pref("iminent.newtabredirect", "false");
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.nomsi", "true");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [23404 octets] - [23/09/2013 09:33:35]
AdwCleaner[R1].txt - [8474 octets] - [25/08/2014 15:22:07]
AdwCleaner[R2].txt - [8560 octets] - [25/08/2014 15:27:14]
AdwCleaner[S0].txt - [22496 octets] - [23/09/2013 09:35:07]
AdwCleaner[S1].txt - [358 octets] - [25/08/2014 15:26:08]
AdwCleaner[S2].txt - [8348 octets] - [25/08/2014 15:28:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8408 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Josef on 25.08.2014 at 15:37:21,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted the following from C:\Users\Josef\AppData\Roaming\mozilla\firefox\profiles\zm0ohrbj.default-1378816091927\prefs.js

user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
user_pref("extensions.AVIRA-V7.hpr_ff", "\"hxxp://avira.search.ask.com/?p2=%5EB0Q%5EYYYYYY%5EZF%5EDE&gct=hp&o=APN11074&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EZF%5EDE&tpid=AVIRA
Emptied folder: C:\Users\Josef\AppData\Roaming\mozilla\firefox\profiles\zm0ohrbj.default-1378816091927\minidumps [113 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2014 at 15:44:20,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Josef (administrator) on KURTMARKO-PC on 25-08-2014 15:47:01
Running from C:\Users\Josef\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:39 - 2014-08-23 16:40 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:27 - 2014-08-23 15:28 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-25 15:47 - 00022828 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-23 16:39 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-23 16:39 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-25 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 15:48 - 2014-08-23 15:25 - 00022828 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-25 15:47 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:39 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 15:39 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:32 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 15:30 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 15:29 - 2013-09-09 22:49 - 00046051 _____ () C:\Windows\setupact.log
2014-08-25 15:29 - 2013-09-09 22:48 - 00265620 _____ () C:\Windows\PFRO.log
2014-08-25 15:29 - 2011-09-23 19:10 - 02455650 _____ () C:\Windows\system32\oodbs.lor
2014-08-25 15:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 15:28 - 2013-09-23 09:26 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:28 - 2011-07-15 23:45 - 01456006 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 15:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 14:52 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-25 14:52 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-25 10:50 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-25 10:02 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-24 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-24 18:49 - 2012-08-31 08:19 - 00000000 ____D () C:\Users\Josef\ASB
2014-08-23 18:50 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:40 - 2014-08-23 16:39 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:39 - 2014-08-06 10:08 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-23 16:39 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:28 - 2014-08-23 15:27 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 11:25 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 11:25 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 11:25 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael

Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe
C:\Users\Josef\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 12:03

==================== End Of Log ============================
         



What is the best way to remove the Avira freeware and then install the Norton antivirus security I bought? The computer should be virus-free beforehand, because I got a free virus removal from Norton included in case a virus infection occurs after installation.

26.08.2014, 06:24   #7
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

26.08.2014, 17:49   #8
Computernixv
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2a66c93130cc70478ab16be3c13b78ca
# engine=16787
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-24 05:46:46
# local_time=2014-01-24 06:46:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 22523 11420493 15296 0
# compatibility_mode=5893 16776574 100 94 17015715 142215456 0 0
# scanned=295752
# found=0
# cleaned=0
# scan_time=8546
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2a66c93130cc70478ab16be3c13b78ca
# engine=16787
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-26 11:37:56
# local_time=2014-08-26 01:37:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 14321 29887866 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35483185 160682926 0 0
# scanned=381574
# found=9
# cleaned=0
# scan_time=13035
sh=2A88FC6509FDC3B22587F6E97AC12F70E4F75DC8 ft=1 fh=86e0df17c19558fd vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=F2CFD9E6717ED73F51E976B3957C81DD518C5603 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.10.0_AVIRA-V7.msi"
sh=5E12FDAD3FCC3D96C1018E2D2F7A7F9F0B3F0633 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.4.0_AVIRA-V7.msi"
sh=F4B0FF4B42F223CF8338684906BCFFAD9AA2710E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.6.0_AVIRA-V7.msi"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=BC92C9C2C5F5FB9F2A3EF098443FEFD86D80064F ft=1 fh=62d1cfbd545f317d vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="G:\Dateien ASB Computer Seminararbeit\Eigene Dateien\Downloads\avira_free_antivirus_de.exe"
sh=D789BB47A683C7168A58D18ABF52974ECF468301 ft=1 fh=9148df94f4fc16fc vn="Variante von Win32/MediaGet evtl. unerwünschte Anwendung" ac=I fn="G:\lwc\Tools\AcrobatReader9\Adobe_Community_Help_3.5.0_mediaget.exe"
sh=E430FF22D842E9940E97BBE95A51A28E131E45B3 ft=1 fh=cac44e7cc296e6b3 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="G:\lwc\Tools\FreeVideoConverter\Setup_FreeVideoConverter.exe"
sh=10E39108C28FABDB8E01B85B789C31A06FE8D033 ft=1 fh=16220121e2f61614 vn="Mehrere Bedrohungen" ac=I fn="G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe"
         
Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.7011)   
 Java 7 Update 67  
 Java 3D 1.5.1   
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 StarMoney 7.0 ouservice StarMoneyOnlineUpdate.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Josef (administrator) on KURTMARKO-PC on 26-08-2014 14:00:50
Running from C:\Users\Josef\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Josef\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 14:00 - 2014-08-26 14:00 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(2).exe
2014-08-26 13:51 - 2014-08-26 13:52 - 00854417 _____ () C:\Users\Josef\Desktop\SecurityCheck.exe
2014-08-26 09:57 - 2014-08-26 09:57 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_deu.exe
2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:39 - 2014-08-23 16:40 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:27 - 2014-08-23 15:28 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-26 14:00 - 00022797 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-23 16:39 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-23 16:39 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-25 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 14:01 - 2014-08-23 15:25 - 00022797 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-26 14:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 14:00 - 2014-08-26 14:00 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(2).exe
2014-08-26 14:00 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-26 13:52 - 2014-08-26 13:51 - 00854417 _____ () C:\Users\Josef\Desktop\SecurityCheck.exe
2014-08-26 13:49 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 11:15 - 2012-06-04 16:54 - 00004186 _____ () C:\Windows\System32\Tasks\Josef Local Autobackup 5 4
2014-08-26 11:04 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-26 10:01 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 09:59 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-26 09:59 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-26 09:59 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 09:57 - 2014-08-26 09:57 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_deu.exe
2014-08-26 09:42 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-26 09:41 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 09:41 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 09:39 - 2011-07-15 23:45 - 01483001 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 09:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 09:31 - 2013-09-09 22:49 - 00046163 _____ () C:\Windows\setupact.log
2014-08-26 09:31 - 2011-09-23 19:10 - 02458200 _____ () C:\Windows\system32\oodbs.lor
2014-08-25 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-25 20:03 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:29 - 2013-09-09 22:48 - 00265620 _____ () C:\Windows\PFRO.log
2014-08-25 15:28 - 2013-09-23 09:26 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-25 10:50 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-24 18:49 - 2012-08-31 08:19 - 00000000 ____D () C:\Users\Josef\ASB
2014-08-23 18:50 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:40 - 2014-08-23 16:39 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:39 - 2014-08-06 10:08 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-23 16:39 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:28 - 2014-08-23 15:27 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael

Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe
C:\Users\Josef\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 12:03

==================== End Of Log ============================
         

mbam is still raising alarms...


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.08.2014
Suchlauf-Zeit: 14:04:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.26.01
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Josef

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 471163
Verstrichene Zeit: 27 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 6
PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, , [039601c86b109a9ca8a4624955ad2dd3], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, , [039601c86b109a9ca8a4624955ad2dd3], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, , [861307c2ef8c1125370aa1623fc4fc04], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, , [5544f4d5a7d4b87ea4de44d43cc7b24e], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, , [4554efda9be0053162dfa65d0cf76d93], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [d5c419b0423956e0fdb1808625de9868], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.Iminent.A, C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\extensions\firefoxmini@go.im.xpi, , [7227cffadd9e42f474de5099c33fcb35], 
PUP.Optional.Iminent.A, C:\Users\Kurt Marko\AppData\Roaming\Mozilla\Firefox\Profiles\5vub7u1w.default\extensions\firefoxmini@go.im.xpi, , [aeebcbfe90ebbd794f038168976bea16], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/08/26 14:04:41 +0200</date>
<logfile>mbam-log-2014-08-26 (14-04-36).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.26.01</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Josef</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>471163</objects>
<time>1620</time>
<processes>0</processes>
<modules>0</modules>
<keys>6</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>039601c86b109a9ca8a4624955ad2dd3</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>039601c86b109a9ca8a4624955ad2dd3</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>861307c2ef8c1125370aa1623fc4fc04</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>5544f4d5a7d4b87ea4de44d43cc7b24e</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>4554efda9be0053162dfa65d0cf76d93</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>delete-on-reboot</action><hash>d5c419b0423956e0fdb1808625de9868</hash></key>
<file><path>C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\extensions\firefoxmini@go.im.xpi</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>7227cffadd9e42f474de5099c33fcb35</hash></file>
<file><path>C:\Users\Kurt Marko\AppData\Roaming\Mozilla\Firefox\Profiles\5vub7u1w.default\extensions\firefoxmini@go.im.xpi</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>aeebcbfe90ebbd794f038168976bea16</hash></file>
</items>
</mbam-log>
         
Avira too - especially on the portable hard drive that serves as a backup :-(

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 26. August 2014  14:54


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : KURTMARKO-PC

Versionsinformationen:
BUILD.DAT      : 14.0.6.552     92022 Bytes  23.07.2014 13:29:00
AVSCAN.EXE     : 14.0.6.548   1046608 Bytes  06.08.2014 07:07:06
AVSCANRC.DLL   : 14.0.6.522     62544 Bytes  06.08.2014 07:07:06
LUKE.DLL       : 14.0.6.522     57936 Bytes  06.08.2014 07:07:27
AVSCPLR.DLL    : 14.0.6.548     92752 Bytes  06.08.2014 07:07:07
AVREG.DLL      : 14.0.6.522    262224 Bytes  06.08.2014 07:07:04
avlode.dll     : 14.0.6.526    603728 Bytes  06.08.2014 07:07:03
avlode.rdf     : 14.0.4.42      65114 Bytes  17.07.2014 21:49:01
XBV00009.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00010.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00011.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00012.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00013.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00014.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00015.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00016.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00017.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:06
XBV00018.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00019.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00020.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00021.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:45:07
XBV00093.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00094.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00095.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00096.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00097.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00098.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00099.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00100.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00101.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00102.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00103.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00104.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00105.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00106.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00107.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00108.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00109.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00110.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00111.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00112.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00113.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00114.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00115.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00116.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00117.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00118.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:16
XBV00119.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00120.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00121.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00122.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00123.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00124.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00125.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00126.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00127.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00128.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00129.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00130.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00131.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00132.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00133.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00134.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00135.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00136.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00137.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00138.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00139.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00140.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00141.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00142.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00143.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00144.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00145.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00146.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00147.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00148.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00149.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00150.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:17
XBV00151.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00152.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00153.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00154.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00155.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00156.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00157.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00158.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00159.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00160.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00161.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00162.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00163.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00164.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00165.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00166.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00167.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00168.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00169.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00170.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00171.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00172.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00173.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00174.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00175.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00176.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00177.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00178.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00179.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00180.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00181.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00182.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00183.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:18
XBV00184.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00185.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00186.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00187.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00188.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00189.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00190.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00191.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00192.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00193.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00194.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00195.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00196.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00197.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00198.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00199.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00200.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00201.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00202.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00203.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00204.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00205.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00206.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00207.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00208.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00209.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00210.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00211.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00212.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00213.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00214.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:19
XBV00215.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00216.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00217.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00218.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00219.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00220.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00221.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00222.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00223.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00224.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00225.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00226.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00227.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00228.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00229.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00230.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00231.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00232.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00233.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00234.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00235.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00236.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00237.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00238.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00239.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00240.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00241.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00242.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00243.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00244.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00245.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:20
XBV00246.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00247.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00248.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00249.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00250.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00251.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00252.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00253.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00254.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00255.VDF   : 8.11.167.234     2048 Bytes  19.08.2014 12:10:21
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:26:19
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 13:26:22
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 13:26:24
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 13:26:26
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 13:26:29
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 13:26:35
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 17:17:02
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 17:07:42
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 13:45:06
XBV00042.VDF   : 8.11.167.234  1073152 Bytes  19.08.2014 12:10:14
XBV00043.VDF   : 8.11.167.236     3584 Bytes  19.08.2014 12:10:14
XBV00044.VDF   : 8.11.167.238    17408 Bytes  19.08.2014 18:10:12
XBV00045.VDF   : 8.11.167.242     7168 Bytes  19.08.2014 18:10:12
XBV00046.VDF   : 8.11.167.248     2048 Bytes  19.08.2014 18:10:12
XBV00047.VDF   : 8.11.168.26    19968 Bytes  19.08.2014 18:10:12
XBV00048.VDF   : 8.11.168.44    10240 Bytes  19.08.2014 11:52:32
XBV00049.VDF   : 8.11.168.60     2048 Bytes  19.08.2014 11:52:32
XBV00050.VDF   : 8.11.168.78    27136 Bytes  20.08.2014 11:52:32
XBV00051.VDF   : 8.11.168.80     2048 Bytes  20.08.2014 11:52:32
XBV00052.VDF   : 8.11.168.98    15360 Bytes  20.08.2014 17:51:30
XBV00053.VDF   : 8.11.168.100     2048 Bytes  20.08.2014 17:51:30
XBV00054.VDF   : 8.11.168.116    28160 Bytes  20.08.2014 06:27:29
XBV00055.VDF   : 8.11.168.118     9216 Bytes  20.08.2014 06:27:30
XBV00056.VDF   : 8.11.168.120     4096 Bytes  20.08.2014 06:27:30
XBV00057.VDF   : 8.11.168.124    12800 Bytes  21.08.2014 06:27:30
XBV00058.VDF   : 8.11.168.126    25088 Bytes  21.08.2014 14:36:23
XBV00059.VDF   : 8.11.168.132    33280 Bytes  21.08.2014 06:38:11
XBV00060.VDF   : 8.11.168.134     2048 Bytes  21.08.2014 06:38:11
XBV00061.VDF   : 8.11.168.138    11776 Bytes  21.08.2014 06:38:11
XBV00062.VDF   : 8.11.168.140     3584 Bytes  21.08.2014 06:38:11
XBV00063.VDF   : 8.11.168.158     3584 Bytes  22.08.2014 12:38:26
XBV00064.VDF   : 8.11.168.174     2048 Bytes  22.08.2014 12:38:26
XBV00065.VDF   : 8.11.168.180     5120 Bytes  22.08.2014 12:38:26
XBV00066.VDF   : 8.11.168.220     7168 Bytes  22.08.2014 12:38:26
XBV00067.VDF   : 8.11.168.222    20480 Bytes  22.08.2014 19:50:59
XBV00068.VDF   : 8.11.168.226    17920 Bytes  22.08.2014 19:50:59
XBV00069.VDF   : 8.11.168.230     8704 Bytes  22.08.2014 07:40:00
XBV00070.VDF   : 8.11.168.234     4608 Bytes  23.08.2014 19:38:57
XBV00071.VDF   : 8.11.168.236     4608 Bytes  23.08.2014 19:38:57
XBV00072.VDF   : 8.11.168.238     4608 Bytes  23.08.2014 19:38:57
XBV00073.VDF   : 8.11.168.240    37376 Bytes  23.08.2014 19:38:57
XBV00074.VDF   : 8.11.168.242     2048 Bytes  23.08.2014 19:38:57
XBV00075.VDF   : 8.11.168.244    38400 Bytes  24.08.2014 14:57:11
XBV00076.VDF   : 8.11.168.246     2048 Bytes  24.08.2014 14:57:11
XBV00077.VDF   : 8.11.168.248    14848 Bytes  24.08.2014 14:57:11
XBV00078.VDF   : 8.11.168.252     2048 Bytes  24.08.2014 14:57:12
XBV00079.VDF   : 8.11.168.254    24576 Bytes  24.08.2014 14:57:12
XBV00080.VDF   : 8.11.169.2      2048 Bytes  24.08.2014 07:58:47
XBV00081.VDF   : 8.11.169.4     22528 Bytes  25.08.2014 07:58:47
XBV00082.VDF   : 8.11.169.20     6656 Bytes  25.08.2014 07:58:47
XBV00083.VDF   : 8.11.169.36     4608 Bytes  25.08.2014 13:57:54
XBV00084.VDF   : 8.11.169.38    11264 Bytes  25.08.2014 13:57:54
XBV00085.VDF   : 8.11.169.40     2048 Bytes  25.08.2014 13:57:54
XBV00086.VDF   : 8.11.169.54     8192 Bytes  25.08.2014 13:57:54
XBV00087.VDF   : 8.11.169.62    28672 Bytes  25.08.2014 19:57:53
XBV00088.VDF   : 8.11.169.66    14336 Bytes  25.08.2014 07:38:20
XBV00089.VDF   : 8.11.169.68     3584 Bytes  25.08.2014 07:38:20
XBV00090.VDF   : 8.11.169.72    15872 Bytes  26.08.2014 07:38:20
XBV00091.VDF   : 8.11.169.74     6144 Bytes  26.08.2014 07:38:20
XBV00092.VDF   : 8.11.169.76    12288 Bytes  26.08.2014 07:38:20
LOCAL001.VDF   : 8.11.169.76 109282304 Bytes  26.08.2014 07:38:40
Engineversion  : 8.3.24.18 
AEVDF.DLL      : 8.3.1.6       133992 Bytes  20.08.2014 17:51:30
AESCRIPT.DLL   : 8.2.0.18      437104 Bytes  22.08.2014 12:38:26
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 13:38:59
AESBX.DLL      : 8.2.20.24    1409224 Bytes  08.05.2014 17:18:01
AERDL.DLL      : 8.2.0.138     704888 Bytes  02.12.2013 14:05:13
AEPACK.DLL     : 8.4.0.50      792488 Bytes  07.08.2014 13:45:03
AEOFFICE.DLL   : 8.3.0.20      216104 Bytes  14.08.2014 16:00:51
AEHEUR.DLL     : 8.1.4.1240   7433072 Bytes  22.08.2014 12:38:26
AEHELP.DLL     : 8.3.1.0       278728 Bytes  28.05.2014 16:53:50
AEGEN.DLL      : 8.1.7.28      450752 Bytes  06.06.2014 18:33:43
AEEXP.DLL      : 8.4.2.30      247712 Bytes  22.08.2014 12:38:26
AEEMU.DLL      : 8.1.3.4       399264 Bytes  07.08.2014 13:45:01
AEDROID.DLL    : 8.4.2.24      442568 Bytes  04.06.2014 16:55:07
AECORE.DLL     : 8.3.2.6       243712 Bytes  07.08.2014 13:45:01
AEBB.DLL       : 8.1.2.0        60448 Bytes  07.08.2014 13:45:01
AVWINLL.DLL    : 14.0.6.522     24144 Bytes  06.08.2014 07:07:01
AVPREF.DLL     : 14.0.6.522     50256 Bytes  06.08.2014 07:07:04
AVREP.DLL      : 14.0.6.522    219216 Bytes  06.08.2014 07:07:04
AVARKT.DLL     : 14.0.5.368    226384 Bytes  01.07.2014 12:04:40
AVEVTLOG.DLL   : 14.0.6.522    182352 Bytes  06.08.2014 07:07:02
SQLITE3.DLL    : 14.0.6.522    452176 Bytes  06.08.2014 07:07:29
AVSMTP.DLL     : 14.0.6.522     76368 Bytes  06.08.2014 07:07:07
NETNT.DLL      : 14.0.6.522     13392 Bytes  06.08.2014 07:07:27
RCIMAGE.DLL    : 14.0.6.544   4863568 Bytes  06.08.2014 07:07:01
RCTEXT.DLL     : 14.0.6.536     74320 Bytes  06.08.2014 07:07:01

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, G:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 26. August 2014  14:54

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD1(E:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD3(G:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArchiCryptInjector64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFReaderDriverService3x64.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'sua.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '199' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'itype.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodtray.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'PrintScreen.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'splwow64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'MMDx64Fx.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBAgent.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '27694' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
Beginne mit der Suche in 'E:\'
Beginne mit der Suche in 'G:\' <Iomega_Ext_Drive>
    [0] Archivtyp: OVL
    --> C:\Program Files\Vodafone SmartTabII10\usb\amd64\winusbcoinstaller2.dll
        [1] Archivtyp: RSRC
      --> C:\Program Files\Vodafone SmartTabII10\usb\amd64\WUDFUpdate_01009.dll
          [2] Archivtyp: RSRC
        --> C:\Program Files\Vodafone SmartTabII10\usb\i386\winusbcoinstaller2.dll
            [3] Archivtyp: RSRC
          --> C:\Program Files\Vodafone SmartTabII10\usb\i386\WUDFUpdate_01009.dll
              [4] Archivtyp: RSRC
            --> C:\Program Files (x86)\EgisTec\MyWinLocker 3\HTCA_SelfExtract.bin
                [5] Archivtyp: OVL
              --> C:\Users\Josef\Downloads\jxpiinstall.exe
                  [6] Archivtyp: Runtime Packed
                --> C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_d3c24ca91a346bfa\amd64\WinUSBCoInstaller2.dll
                    [7] Archivtyp: RSRC
                  --> G:\lwc\Tools\ACLiveSE\ACLive\Update V 3.3.2\Live_Vollversion.zip
                      [8] Archivtyp: ZIP
                        [FUND]      Ist das Trojanische Pferd TR/Spy.Banker.Gen9
                        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
G:\lwc\Tools\ACLiveSE\ACLive\Update V 3.3.2\Live_Vollversion.zip
  [FUND]      Ist das Trojanische Pferd TR/Spy.Banker.Gen9
G:\lwc\Tools\AcrobatReader9\Adobe_Community_Help_3.5.0_mediaget.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Mediaget.EB.2
                  --> G:\lwc\Tools\Java\jxpiinstall.exe
                      [8] Archivtyp: Runtime Packed
                    --> G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe
                        [9] Archivtyp: Inno Setup
                      --> {tmp}\rkverify.exe
                          [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.axar
                          [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                      --> {tmp}\rkinstall.exe
                          [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.P
                          [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe
  [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.P

Beginne mit der Desinfektion:
G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe
  [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.P
  [WARNUNG]   Die Datei wurde ignoriert.
G:\lwc\Tools\AcrobatReader9\Adobe_Community_Help_3.5.0_mediaget.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Mediaget.EB.2
  [WARNUNG]   Die Datei wurde ignoriert.
G:\lwc\Tools\ACLiveSE\ACLive\Update V 3.3.2\Live_Vollversion.zip
  [FUND]      Ist das Trojanische Pferd TR/Spy.Banker.Gen9
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Dienstag, 26. August 2014  18:46
Benötigte Zeit:  3:51:55 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  59187 Verzeichnisse wurden überprüft
 2501688 Dateien wurden geprüft
      6 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 2501682 Dateien ohne Befall
  37310 Archive wurden durchsucht
      6 Warnungen
      0 Hinweise
 1193539 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

27.08.2014, 14:22   #9
schrauber
/// the machine
/// TB instructor

Have MBAM delete the detections; do they come back afterwards? Delete the stuff on the external drive.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

28.08.2014, 10:17   #10
Computernixv

Looks good - mbam reports no more detections!


Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/08/28 08:45:57 +0200</date>
<logfile>mbam-log-2014-08-28 (08-45-44).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.27.08</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Josef</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>548299</objects>
<time>7788</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
         

29.08.2014, 07:57   #11
schrauber
/// the machine
/// TB instructor

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed if you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

29.08.2014, 15:44   #12
Computernixv

A huge THANK YOU!!!!!!!!!!!!!!!

30.08.2014, 07:03   #13
schrauber
/// the machine
/// TB instructor

You're welcome
__________________
Regards,
schrauber
