
Log analysis and evaluation: Viruses and malware found

11.09.2014, 09:38   #1
Atue001
 



Hello,
after a computer started behaving unusually (slow, crashes, browser crash messages, bluescreen), I took a close look at it. This is what I did:

1) Ran Desinfec't 2014 on the computer.

Result:
AVIRA reported 3 viruses and renamed them.
BITDEFENDER found no further viruses or the like afterwards.
Kaspersky hung and reported no findings.
ClamAV found no further viruses or the like.

2) Restarted the computer into Windows, then ran a maximum scan with AVAST.

AVAST detected three further problems and moved them to the container. I have attached its entries as a text file.

3) Malwarebytes full scan

Malwarebytes found further problems - I have attached the log.

4) Read and followed the instructions on Trojaner-Board - the log files from Defogger, FRST and GMER are attached.


The computer is a Medion notebook running Windows 7. Windows is updated regularly, as are the other programs - Secunia PSI runs for this purpose. AVAST runs as the antivirus.

The computer had problems once before - at which point I was also active here in the forum. After that was concluded, the computer seemed to be problem-free again.

I don't see a direct connection to the last case - in the last case here in the forum, the malware reported was essentially malware affecting browser use. I therefore suspect a new infection.


I have uploaded the logs as attachments, since the total size of the logs was too large for one post.


Happy to provide further information.

Many thanks in advance for the help, and best regards

11.09.2014, 09:59   #2
Warlord711
/// TB Trainer
 



How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.



Simply split the logs across several replies!

11.09.2014, 17:26   #3
Atue001
 



OK, here is the Malwarebytes log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.09.2014
Suchlauf-Zeit: 01:01:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.04.11
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Clara

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387975
Verstrichene Zeit: 15 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.Babylon.A, HKU\S-1-5-21-2971180534-3307857154-2361156270-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [466542a7a8d38bab332c4c2fb151669a], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [8c1f9d4ccdaebb7ba26a8f7917ec47b9], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2971180534-3307857154-2361156270-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [9417836626552b0be218e52ea1628d73], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 4
PUP.Optional.HolaSearch.A, C:\Users\Clara\AppData\Local\Temp\mt_ffx\holasearch, In Quarantäne, [e2c9995093e8f83e460398421ce6c937], 
PUP.Optional.HolaSearch.A, C:\Users\Clara\AppData\Local\Temp\mt_ffx\holasearch\holasearch, In Quarantäne, [e2c9995093e8f83e460398421ce6c937], 
PUP.Optional.HolaSearch.A, C:\Users\Clara\AppData\Local\Temp\mt_ffx\holasearch\holasearch\1.8.16.16, In Quarantäne, [e2c9995093e8f83e460398421ce6c937], 
PUP.Optional.Updater.A, C:\Users\Clara\AppData\Roaming\DSite\UpdateProc, In Quarantäne, [5e4dfaef5a2160d65e9fb62fc1417c84], 

Dateien: 4
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [3774faeffe7d91a5937133ee43bd59a7], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPly, In Quarantäne, [7635fdec33482e080c05f111a16219e7], 
PUP.Optional.Updater.A, C:\Users\Clara\AppData\Roaming\DSite\UpdateProc\config.dat, In Quarantäne, [5e4dfaef5a2160d65e9fb62fc1417c84], 
PUP.Optional.Delta.A, C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www2.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=94874C8093373337" ],), Ersetzt,[4764c722ccaf57dfa61866bb8481827e]

Physische Sektoren: 0
(No malicious items detected)


(end)
         

And here is my collection of the AVAST findings (they are in the quarantine folder):

Code:
Name						Original location					Description
happyland131_install.exe			C:\Users\Clara\Downloads\Happylanders			Win32:Rootkit-gen
Hardcore RELOADED\.Hardcore RELOADED.exe	C:\Users\Clara\Downloads\Hardcore RELOADEDv3_9.rar	Win32:Malware-gen
Hardcore RELOADED\metin2client.bin		C:\Users\Clara\Downloads\Hardcore RELOADEDv3_9.rar	Win32:Malware-gen
         

And with that, on to the requested logs:

1) Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:51 on 09/09/2014 (Clara)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

2) FRST - LOG
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Clara (administrator) on CLARA-COMPUTER on 09-09-2014 23:52:54
Running from C:\Users\Clara\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-18] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Google Update] => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-14] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD772B8DAD3AACB01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {7588CA44-A7C9-4C51-B5D7-CEED47966EC7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ed430307-4fed-422f-8007-a11f58815132&apn_sauid=7600C93F-1E78-4AF9-8816-C9D604CD91DD
SearchScopes: HKCU - {ED1B9BF1-9BD4-4078-BA2E-924AB654916F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-30]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSearchKeyword: Default -> 2236F588FBD4DECFC6F2A89BA645A8EB43EC22E1FB7C4088F43684CAE8F0FF11
CHR DefaultSearchURL: Default -> 088438C5D04F0212CFBE5FF554A4BD6C83440BDA68F400E4A40B9046864B7E1E
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Clara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (SmoothScroll) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2014-04-26]
CHR Extension: (avast! SafePrice) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-02]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-02]
CHR Extension: (avast! Online Security) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-21]
CHR Extension: (Smooth Scrollerator) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmicgfcegednlkdhgbhgickcgndjeeig [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKCU\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx []
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-18] (AVAST Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4609416 2013-11-06] (INCA Internet Co., Ltd.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
R2 nsi; %systemroot%\system32\nsisvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-18] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-03] ()
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 23:52 - 2014-09-09 23:54 - 00026279 _____ () C:\Users\Clara\Desktop\FRST.txt
2014-09-09 23:52 - 2014-09-09 23:52 - 00000000 ____D () C:\FRST
2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable
2014-09-09 23:16 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 23:16 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-09 23:16 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 23:16 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-09 23:16 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-09 23:16 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-09 23:16 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 23:16 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-09 23:16 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-09 23:16 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-09 23:16 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 23:16 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-09 23:16 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-09 23:16 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-09 23:16 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-09 23:16 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-09 23:16 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-09 23:16 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-09 23:16 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 23:16 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-09 23:16 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-09 23:16 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-09 23:16 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-09 23:16 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 23:16 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-09 23:16 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 23:16 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-09 23:16 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-09 23:16 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-09 23:16 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-09 23:16 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-09 23:16 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 23:16 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-09 23:16 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 23:16 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-09 23:16 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-09 23:16 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-09 23:16 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 23:16 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-09 23:16 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-09 23:16 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-09 23:16 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 23:00 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-09 23:00 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 22:56 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 22:56 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 22:56 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 22:56 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 22:56 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 22:56 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 22:56 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 22:56 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-09 22:56 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-09 22:55 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 22:55 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 22:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 22:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 22:42 - 2014-09-05 00:08 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe
2014-09-09 22:42 - 2014-09-05 00:07 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe
2014-09-09 22:42 - 2014-09-05 00:06 - 02104832 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe
2014-09-08 23:40 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 23:40 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 23:40 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 23:40 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 23:40 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 23:40 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 23:40 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 23:40 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 23:40 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-08 23:40 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-08 23:40 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 23:40 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 23:40 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-08 23:40 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 23:40 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-08 23:40 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-09-08 23:35 - 2014-09-08 23:37 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-08 23:22 - 2014-09-08 23:27 - 220827648 _____ () C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\nl
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\es
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da
2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl
2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\system32\NV
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-05 01:34 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-05 01:34 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-05 01:00 - 2014-09-05 01:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 01:00 - 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 01:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 21:57 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 21:57 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 21:57 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 20:54 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-30 20:54 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-30 20:54 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-30 20:54 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-30 20:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-30 20:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-30 20:52 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-30 20:52 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 17:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-18 17:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-18 17:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-18 17:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 17:33 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 17:33 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-18 17:33 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 17:32 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 17:29 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 17:29 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 23:54 - 2014-09-09 23:52 - 00026279 _____ () C:\Users\Clara\Desktop\FRST.txt
2014-09-09 23:52 - 2014-09-09 23:52 - 00000000 ____D () C:\FRST
2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable
2014-09-09 23:51 - 2012-02-16 21:43 - 00000000 ____D () C:\Users\Clara
2014-09-09 23:46 - 2013-01-14 01:38 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA.job
2014-09-09 23:39 - 2012-02-16 21:35 - 01603559 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 23:37 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 23:37 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 23:34 - 2012-05-24 20:19 - 00000000 ___RD () C:\Users\Clara\Dropbox
2014-09-09 23:33 - 2013-07-14 19:34 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 23:33 - 2012-05-24 20:17 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Dropbox
2014-09-09 23:30 - 2013-04-01 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 23:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 23:29 - 2013-03-12 07:48 - 00450554 _____ () C:\Windows\PFRO.log
2014-09-09 23:29 - 2013-02-13 18:08 - 00013450 _____ () C:\Windows\setupact.log
2014-09-09 23:29 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-09 23:28 - 2013-04-01 15:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:28 - 2012-05-28 07:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 23:28 - 2011-11-07 18:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 23:14 - 2012-02-16 23:59 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-09 23:14 - 2011-11-04 03:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 23:14 - 2011-11-04 03:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 23:14 - 2009-07-14 07:13 - 01596516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 23:13 - 2013-07-21 13:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-09 23:09 - 2013-07-14 19:34 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 23:04 - 2013-03-30 13:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-09 23:02 - 2011-11-03 22:34 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 22:59 - 2014-05-07 07:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 22:47 - 2013-01-14 01:38 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core.job
2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\system32\NV
2014-09-09 22:34 - 2012-02-19 00:06 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Skype
2014-09-09 22:34 - 2012-02-16 21:44 - 00107320 _____ () C:\Users\Clara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-09 22:31 - 2009-07-14 06:45 - 00421544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-09-08 23:37 - 2014-09-08 23:35 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-08 23:27 - 2014-09-08 23:22 - 220827648 _____ () C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 22:49 - 2012-05-15 07:14 - 00000000 ____D () C:\Users\Clara\Tracing
2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\nl
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\es
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da
2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl
2014-09-08 22:46 - 2013-04-01 21:48 - 00001378 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-08 22:45 - 2012-05-15 07:02 - 00001494 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-08 22:43 - 2011-11-07 17:57 - 00002538 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-08 22:42 - 2011-11-07 17:56 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-08 22:40 - 2013-04-01 21:40 - 00302312 _____ () C:\Windows\DirectX.log
2014-09-08 22:39 - 2014-04-15 18:53 - 00002208 _____ () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-08 22:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-05 04:10 - 2014-09-09 22:56 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-09 22:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-05 01:47 - 2012-06-16 17:02 - 00000000 ____D () C:\Temp
2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-05 01:42 - 2011-11-10 21:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-05 01:28 - 2014-09-05 01:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 01:17 - 2013-05-09 08:39 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\DSite
2014-09-05 01:00 - 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Malwarebytes
2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 00:08 - 2014-09-09 22:42 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe
2014-09-05 00:07 - 2014-09-09 22:42 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe
2014-09-05 00:06 - 2014-09-09 22:42 - 02104832 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe
2014-09-04 21:50 - 2013-07-14 19:35 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-04 20:59 - 2012-05-24 20:18 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-02 23:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-30 21:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 21:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 21:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-09 23:16 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-09 23:16 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-09 23:16 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-09 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-09 23:16 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-09 23:16 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-09 23:16 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-09 23:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-09 23:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-09 23:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-09 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-09 23:16 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-09 23:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-09 23:16 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-09 23:16 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-09 23:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-09 23:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-09 23:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-09 23:16 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-09 23:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-09 23:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-09 23:16 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-09 23:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-09 23:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-09 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-09 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-09 23:16 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-09 23:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-09 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-09 23:16 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-09 23:16 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-09 23:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-09 23:16 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-09 23:16 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-09 23:16 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-09 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-09 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-09 23:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-09 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-09 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-09 23:16 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-09 23:16 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-09 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-09 23:16 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-09 23:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-09 23:16 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-09 23:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-09 23:16 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-09 23:16 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-18 17:16 - 2014-02-04 22:05 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-18 17:16 - 2013-03-30 13:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-18 17:15 - 2013-03-30 13:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

Some content of TEMP:
====================
C:\Users\Clara\AppData\Local\Temp\AskSLib.dll
C:\Users\Clara\AppData\Local\Temp\AutoRun.exe
C:\Users\Clara\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7330016.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Clara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbmqem.dll
C:\Users\Clara\AppData\Local\Temp\eauninstall.exe
C:\Users\Clara\AppData\Local\Temp\javagiac0.27780967731029715.dll
C:\Users\Clara\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Clara\AppData\Local\Temp\PicasaUpdater_2f4e.exe
C:\Users\Clara\AppData\Local\Temp\PicasaUpdater_3dc5.exe
C:\Users\Clara\AppData\Local\Temp\PicasaUpdater_4304.exe
C:\Users\Clara\AppData\Local\Temp\project1.exe
C:\Users\Clara\AppData\Local\Temp\secuniasi660455209832508344.dll
C:\Users\Clara\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Clara\AppData\Local\Temp\The Sims 2 Deluxe_uninst.exe
C:\Users\Clara\AppData\Local\Temp\uninst1.exe
C:\Users\Clara\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Clara\AppData\Local\Temp\VP6Install.exe
C:\Users\Clara\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 18:35
         

11.09.2014, 17:28   #4
Atue001

Continuing with FRST - Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Clara at 2014-09-09 23:54:41
Running from C:\Users\Clara\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Audials (HKLM-x32\...\{2E5052A2-8E3D-4229-A5EB-2465B260D917}) (Version: 8.0.54900.0 - RapidSolution Software AG)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version:  - )
Benutzerhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.14.50 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
Die Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version:  - )
Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Teen Style-Accessoires (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
dm Digi Foto (HKLM-x32\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Druckerdeinstallation für EPSON XP-302 303 305 306 Series (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Fashion Factory (HKLM-x32\...\{BAE02E8D-9B2C-4C71-AB30-DADD141849D4}) (Version: 1.00.0000 - GedonSoft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.1 - Foto Online Service GmbH)
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Pascal 2.6.2 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gameforge Live 2.0.0 "Baby Genius" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.0 - Gameforge)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.10.0 - International GeoGebra Institute)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version:  - Free Lunch Design)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{098E5A44-AB95-428B-BA4C-A263C693E1AC}) (Version: 6.0.8392 - Digilabs)
Lazarus 1.0.14 (HKLM\...\Lazarus_is1) (Version: 1.0.14 - Lazarus Team)
LibreOffice 3.6 Help Pack (German) (HKLM-x32\...\{C77157BC-EC21-422F-8901-64B3D34ED67D}) (Version: 3.6.4.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Horse and Me (HKLM-x32\...\InstallShield_{6B86AB79-5FC2-4746-94D7-9CA8D3C91170}) (Version: 1.00.0000 - W! Games)
My Horse and Me (x32 Version: 1.00.0000 - W! Games) Hidden
Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version:  - )
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version:  - Markement GmbH)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
phase-6 2.3.2b (HKLM-x32\...\phase-6) (Version: 2.3.2b - phase-6)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0045 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Pošta Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

02-09-2014 21:18:53 Windows Update
04-09-2014 23:35:37 Windows Update
08-09-2014 18:25:06 Windows Update
08-09-2014 20:37:43 Windows Live Essentials
08-09-2014 20:40:24 DirectX wurde installiert
08-09-2014 20:40:53 DirectX wurde installiert
08-09-2014 20:41:50 WLSetup
08-09-2014 21:10:50 Installed iTunes
08-09-2014 21:28:57 Installed LibreOffice 4.2.6.3
08-09-2014 21:38:04 Windows Update
09-09-2014 20:57:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-03-29 17:33 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20DFC9C0-A1D3-4230-AF81-8DA9ACC0FAF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-18] (AVAST Software)
Task: {42B946E9-114B-44C3-8A25-FAF7763EE29B} - System32\Tasks\DSite => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4A306C99-ACC0-420F-A7B7-92CF3FD63683} - \DealPly No Task File <==== ATTENTION
Task: {AD9D9278-89A5-4888-A7A2-6314E2AD264F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B506B27E-9412-43DC-98AD-72D5769DEE45} - System32\Tasks\{ABC52F34-3B10-4182-842B-10A59CFA82A1} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.1.0.104&amp;LastError=404
Task: {C538C7C3-D158-4D17-9FD4-84554833738B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {DED55E6E-7C1F-48B6-BB4C-577CA530A861} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {EDBFD3A7-21E6-4CB5-A009-B5EE279F5585} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F572A1FA-AD53-48CB-868E-0DE7EB49AFEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {F67B7B9F-C6E6-4138-BF0B-CD4A5A370669} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {FB545AD8-C41E-42DD-9190-EA6B702D8B0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core.job => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA.job => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-16 03:46 - 2011-09-16 03:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-11-10 22:15 - 2009-12-19 01:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2011-11-10 22:15 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-03-09 11:41 - 2011-03-09 11:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 11:41 - 2011-03-09 11:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2011-11-10 21:16 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-10 22:15 - 2011-10-14 21:06 - 00818688 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2011-11-10 22:15 - 2010-01-13 03:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2011-11-10 22:15 - 2010-01-13 03:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2011-11-10 22:15 - 2010-12-18 00:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2011-11-10 22:15 - 2010-12-28 00:14 - 00776200 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2011-11-10 22:15 - 2011-04-13 00:32 - 00483336 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2011-09-16 03:46 - 2011-09-16 03:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-11-10 01:32 - 2011-09-26 00:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-10 22:15 - 2011-10-24 23:59 - 03420160 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2014-08-18 17:15 - 2014-08-18 17:15 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-09 22:33 - 2014-09-09 22:33 - 02847744 _____ () C:\Program Files\AVAST Software\Avast\defs\14090902\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-05 09:24 - 2010-03-05 09:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2011-11-10 22:15 - 2009-12-19 01:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2011-11-10 22:15 - 2009-12-19 01:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-09-14 07:51 - 2013-09-14 07:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 07:50 - 2013-09-14 07:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-08-18 17:15 - 2014-08-18 17:15 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-09 23:33 - 2014-09-09 23:33 - 00043008 _____ () c:\users\clara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbmqem.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Clara\AppData\Roaming\Dropbox\bin\libcef.dll
2011-11-10 20:17 - 2011-05-20 20:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-04 21:45 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 21:44 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-04 21:45 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 21:47 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 21:44 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Clara\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: Google Update => "C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 11:30:35 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/09/2014 10:32:01 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/08/2014 11:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleMobileDeviceService.exe, Version: 17.327.4.35, Zeitstempel: 0x52fa24ee
Name des fehlerhaften Moduls: AppleMobileDeviceService_main.dll, Version: 17.327.4.35, Zeitstempel: 0x539a62a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009ae0
ID des fehlerhaften Prozesses: 0xa0c
Startzeit der fehlerhaften Anwendung: 0xAppleMobileDeviceService.exe0
Pfad der fehlerhaften Anwendung: AppleMobileDeviceService.exe1
Pfad des fehlerhaften Moduls: AppleMobileDeviceService.exe2
Berichtskennung: AppleMobileDeviceService.exe3

Error: (09/08/2014 10:40:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe" /silent ; Beschreibung = DirectX wurde installiert; Fehler = 0x80042319).

Error: (09/08/2014 10:39:15 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Clara-Computer)
Description: Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden.

Error: (09/08/2014 08:26:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/05/2014 01:35:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Falscher Parameter.
 ErrorCode: 14007(0x36b7).

Error: (09/05/2014 01:23:10 AM) (Source: MsiInstaller) (EventID: 1023) (User: Clara-Computer)
Description: Produkt: Adobe Reader XI (11.0.07) - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Weitere Informationen sind in der Protokolldatei C:\Users\Clara\AppData\Local\Temp\MSI3d2d8.LOG enthalten.

Error: (09/05/2014 01:20:08 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/04/2014 09:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDFME.exe, Version: 1.4.5.2, Zeitstempel: 0x4d77d26b
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0006ccd5
ID des fehlerhaften Prozesses: 0xf40
Startzeit der fehlerhaften Anwendung: 0xWDFME.exe0
Pfad der fehlerhaften Anwendung: WDFME.exe1
Pfad des fehlerhaften Moduls: WDFME.exe2
Berichtskennung: WDFME.exe3


System errors:
=============
Error: (09/09/2014 11:37:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (09/09/2014 11:27:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/09/2014 10:32:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WD File Management Shadow Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/09/2014 10:32:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WD File Management Shadow Engine erreicht.

Error: (09/09/2014 10:31:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 23:44:36 unerwartet heruntergefahren.

Error: (09/08/2014 10:36:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/08/2014 10:36:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/08/2014 08:29:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.183.1682.0)

Error: (09/08/2014 08:23:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (09/08/2014 08:16:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (09/09/2014 11:30:35 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/09/2014 10:32:01 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/08/2014 11:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleMobileDeviceService.exe17.327.4.3552fa24eeAppleMobileDeviceService_main.dll17.327.4.35539a62a9c000000500009ae0a0c01cfcb90dd43cdf0C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll7dd3ca03-379c-11e4-a27a-4c809337333a

Error: (09/08/2014 10:40:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe" /silent DirectX wurde installiert0x80042319

Error: (09/08/2014 10:39:15 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Clara-Computer)
Description: 1SearchIndexer.exeWindows Search0302621614360

Error: (09/08/2014 08:26:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (09/05/2014 01:35:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Falscher Parameter.
 ErrorCode: 14007(0x36b7).

Error: (09/05/2014 01:23:10 AM) (Source: MsiInstaller) (EventID: 1023) (User: Clara-Computer)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625C:\Users\Clara\AppData\Local\Temp\MSI3d2d8.LOG(NULL)(NULL)

Error: (09/05/2014 01:20:08 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/04/2014 09:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDFME.exe1.4.5.24d77d26bMSVCR90.dll9.0.30729.61614dace5b9c00004170006ccd5f4001cfc871a2853f2cC:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll2d285f25-3467-11e4-a7f5-4c809337333a


CodeIntegrity Errors:
===================================
  Date: 2013-03-29 16:29:01.287
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-29 16:29:01.240
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 4007.05 MB
Available physical RAM: 1702.46 MB
Total Pagefile: 8012.29 MB
Available Pagefile: 5393.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.66 GB) (Free:63.64 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:29.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=404.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
         


And now GMER as well

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-10 00:13:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Clara\AppData\Local\Temp\kwldykoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                   fffff80002ffd000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                   fffff80002ffd02f 23 bytes [00, 00, 10, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\winlogon.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                          0000000076bfef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                           0000000076bfef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                           0000000076bfef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                          0000000076bfef8d 1 byte [62]
.text     C:\Windows\system32\WLANExt.exe[1448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                          0000000076bfef8d 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                             000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                     000000007600a2fd 1 byte [62]
.text     C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                               0000000076bfef8d 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2952] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                              000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe[3316] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                         000000007600a2fd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[3800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                          0000000076bfef8d 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4016] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                           000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                   000000007600a2fd 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                 0000000076bfef8d 1 byte [62]
.text     C:\Windows\Explorer.EXE[3152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                  0000000076bfef8d 1 byte [62]
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                                   0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                                     0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                     0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                                    0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                               000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                                            000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                            0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                            0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                              00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                                                          0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                      0000000074c28a29 5 bytes JMP 0000000166fc171c
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                  0000000074c34572 5 bytes JMP 0000000166fc10a0
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                  0000000074c4e567 5 bytes JMP 0000000166fc140b
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                           0000000074c87a5c 5 bytes JMP 0000000166fc15c8
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                     0000000074a85ea5 5 bytes JMP 0000000166fc15f0
.text     C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                      0000000074ab9d0b 5 bytes JMP 0000000166fc1217
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            0000000076bfef8d 1 byte [62]
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5420] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                          0000000076bfef8d 1 byte [62]
.text     C:\Program Files\Windows Sidebar\sidebar.exe[5588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                             0000000076bfef8d 1 byte [62]
.text     C:\Program Files (x86)\PHotkey\HCSynApi.exe[5732] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                    0000000074a85ea5 5 bytes JMP 0000000166fc15f0
.text     C:\Program Files (x86)\PHotkey\HCSynApi.exe[5732] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                     0000000074ab9d0b 5 bytes JMP 0000000166fc1217
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                               0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                 0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                 0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                           000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                        000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                        0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                        0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                          00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                      0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                  0000000074c28a29 5 bytes JMP 0000000166fc171c
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                              0000000074c34572 5 bytes JMP 0000000166fc10a0
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                              0000000074c4e567 5 bytes JMP 0000000166fc140b
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                       0000000074c87a5c 5 bytes JMP 0000000166fc15c8
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                            0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                              0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                              0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                             0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                        000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                     000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                     0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                     0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                       00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                   0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                          00000000760f1d29 5 bytes JMP 0000000166fc11bd
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                        00000000760f1dd7 5 bytes JMP 0000000166fc1014
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                            00000000760f2ab1 5 bytes JMP 0000000166fc154b
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                               00000000760f2d17 5 bytes JMP 0000000166fc1267
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                               0000000074c28a29 5 bytes JMP 0000000166fc171c
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                           0000000074c34572 5 bytes JMP 0000000166fc10a0
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                           0000000074c4e567 5 bytes JMP 0000000166fc140b
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5876] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                    0000000074c87a5c 5 bytes JMP 0000000166fc15c8
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[4328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                       0000000076bfef8d 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                   0000000076bfef8d 1 byte [62]
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                        0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                          0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                          0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                         0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                    000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                 000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                 0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                 0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                   00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[6244] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                               0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                            0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                              0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                 0000000075fe8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                              0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                             0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                        000000007600a2fd 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                                     000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                     0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                     0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                       00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[6644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                                                   0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                             0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                               0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                               0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                              0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                         000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                      000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                      0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                      0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                        00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6660] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                                    0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[6748] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                  0000000074c28a29 5 bytes JMP 0000000166fc171c
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[6748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                              0000000074c34572 5 bytes JMP 0000000166fc10a0
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[6748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                              0000000074c4e567 5 bytes JMP 0000000166fc140b
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[6748] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                       0000000074c87a5c 5 bytes JMP 0000000166fc15c8
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                    0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                      0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                      0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                     0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                             000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                             0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                             0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                               00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                           0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                       0000000074c28a29 5 bytes JMP 0000000166fc171c
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                   0000000074c34572 5 bytes JMP 0000000166fc10a0
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                   0000000074c4e567 5 bytes JMP 0000000166fc140b
.text     C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7056] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                            0000000074c87a5c 5 bytes JMP 0000000166fc15c8
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                       0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                         0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                         0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                        0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                   000000007600a2fd 1 byte [62]
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                                000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                  00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                                              0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                     00000000760f1d29 5 bytes JMP 0000000166fc11bd
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                   00000000760f1dd7 5 bytes JMP 0000000166fc1014
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                       00000000760f2ab1 5 bytes JMP 0000000166fc154b
.text     C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                          00000000760f2d17 5 bytes JMP 0000000166fc1267
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7472] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                      000000007600a2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[720] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                            000000007600a2fd 1 byte [62]
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                                        0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                                          0000000075fe5bad 7 bytes JMP 0000000166fc11a4
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                          0000000075ff1409 7 bytes JMP 0000000166fc1280
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                                         0000000075ffea45 7 bytes JMP 0000000166fc123a
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                    000000007600a2fd 1 byte [62]
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                                                 000000007600b21b 5 bytes JMP 0000000166fc15a0
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                                 0000000076088e24 7 bytes JMP 0000000166fc132f
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                                 0000000076088ea9 5 bytes JMP 0000000166fc16cc
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                                   00000000760891ff 1 byte JMP 0000000166fc1703
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2                                                                                                               0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                      00000000760f1d29 5 bytes JMP 0000000166fc11bd
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                                    00000000760f1dd7 5 bytes JMP 0000000166fc1014
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                        00000000760f2ab1 5 bytes JMP 0000000166fc154b
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                           00000000760f2d17 5 bytes JMP 0000000166fc1267
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                   00000000762ee96b 5 bytes JMP 0000000166fc15b9
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                     00000000762eeba5 5 bytes JMP 0000000166fc1181
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                           0000000074c28a29 5 bytes JMP 0000000166fc171c
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                       0000000074c34572 5 bytes JMP 0000000166fc10a0
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                       0000000074c4e567 5 bytes JMP 0000000166fc140b
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                0000000074c87a5c 5 bytes JMP 0000000166fc15c8
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                          0000000074a85ea5 5 bytes JMP 0000000166fc15f0
.text     C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                           0000000074ab9d0b 5 bytes JMP 0000000166fc1217

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [3800:7756]                                                                                                                                                                          000007fef2779688
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:1556]                                                                                                                                               0000000075cb7587
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:3116]                                                                                                                                               0000000069c47712
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:3312]                                                                                                                                               0000000076ff2e65
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:8028]                                                                                                                                               0000000074a9d864
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:5944]                                                                                                                                               0000000076ff3e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:8076]                                                                                                                                               0000000076ff3e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:4516]                                                                                                                                               0000000076ff3e85
---- Processes - GMER 2.1 ----

Library   C:\Users\Clara\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772](2014-08-15 18:46:08)                                                0000000003c00000
Library   c:\users\clara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbmqem.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772](2014-09-09 21:33:47)  0000000004110000
Library   C:\Users\Clara\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772](2013-08-23 19:01:44)                                                      000000005bd70000
Library   C:\Users\Clara\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        000000005a240000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00150080283d                                                                                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c809337333a                                                                                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c809337333a@d0176ac84815                                                                                                                             0x32 0x90 0x47 0x78 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00150080283d (not active ControlSet)                                                                                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c809337333a (not active ControlSet)                                                                                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c809337333a@d0176ac84815                                                                                                                                 0x32 0x90 0x47 0x78 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
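To triage the user-mode rows of the GMER log above, the following added example (not part of the original post and not GMER's own code) parses the `.text` rows and groups the patched functions per process by the 4 KiB page their `JMP` target falls in. The row layout is assumed from the lines in this log, and the names `parse_row`, `summarize` and `shared_target_pages` are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import basename  # Windows path handling on any OS
from typing import Optional

# Rows copied from the GMER log above; only the column padding is shortened.
SAMPLE = r"""
.text  C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  00000000760f1dd7 5 bytes JMP 0000000166fc1014
.text  C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  00000000760f2ab1 5 bytes JMP 0000000166fc154b
.text  C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe[5772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  00000000760f2d17 5 bytes JMP 0000000166fc1267
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7472] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112  000000007600a2fd 1 byte [62]
.text  C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000075fe1f0e 7 bytes JMP 0000000166fc168b
.text  C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007600a2fd 1 byte [62]
.text  C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  00000000760891ff 1 byte JMP 0000000166fc1703
.text  C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2  0000000076089201 3 bytes {JMP 0xfffffffff0f38504}
"""

# Assumed row layout: .text <process>[pid] <module>!<function>[ + off] <addr> <n> byte(s) <patch>
ROW = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S.*?)!(?P<func>\w+)(?:\s\+\s(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes?\s+(?P<patch>\S.*?)\s*$"
)
# Only a bare "JMP <16 hex digits>" is treated as an absolute redirect target.
ABS_JMP = re.compile(r"^JMP\s+([0-9a-fA-F]{16})$")


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    function: str
    offset: int
    address: int
    size: int
    patch: str
    jmp_target: Optional[int]


def parse_row(line: str) -> Optional[Hook]:
    """Parse one '.text' row; return None for headers, blanks and other sections."""
    m = ROW.match(line.strip())
    if not m:
        return None
    jmp = ABS_JMP.match(m["patch"])
    return Hook(
        process=basename(m["proc"]), pid=int(m["pid"]),
        module=basename(m["module"]).lower(), function=m["func"],
        offset=int(m["off"] or 0), address=int(m["addr"], 16),
        size=int(m["size"]), patch=m["patch"],
        jmp_target=int(jmp.group(1), 16) if jmp else None,
    )


def summarize(lines):
    """Per (process, pid): row count, patched modules, JMP target pages, other patches."""
    out = defaultdict(
        lambda: {"rows": 0, "modules": set(), "jmp_pages": set(), "non_jmp": []}
    )
    for line in lines:
        hook = parse_row(line)
        if hook is None:
            continue
        entry = out[(hook.process, hook.pid)]
        entry["rows"] += 1
        entry["modules"].add(hook.module)
        if hook.jmp_target is None:
            # Byte patches and bracketed fragments are kept verbatim for manual review.
            entry["non_jmp"].append((hook.function, hook.offset, hook.patch))
        else:
            entry["jmp_pages"].add(hook.jmp_target >> 12)
    return dict(out)


def shared_target_pages(summary):
    """Target pages that appear in more than one process."""
    seen = defaultdict(set)
    for key, entry in summary.items():
        for page in entry["jmp_pages"]:
            seen[page].add(key)
    return {page: procs for page, procs in seen.items() if len(procs) > 1}


if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines())
    for (proc, pid), entry in result.items():
        pages = ", ".join(hex(p << 12) for p in sorted(entry["jmp_pages"])) or "-"
        print(f"{proc}[{pid}]: {entry['rows']} rows, JMP pages: {pages}")
    for page, procs in shared_target_pages(result).items():
        print(f"page {hex(page << 12)} is targeted from: {sorted(procs)}")
```

A shared target page only shows that the redirects in several processes point into the same address region; which module is mapped there has to be read from each process's loaded-module list.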
         

11.09.2014, 20:55   #5
Warlord711
/// TB Trainer

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
CHR HKLM-x32\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {42B946E9-114B-44C3-8A25-FAF7763EE29B} - System32\Tasks\DSite => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).


Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.


12.09.2014, 00:32   #6
Atue001

Regarding step 1: FRST

Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Clara at 2014-09-11 22:04:29 Run:1
Running from C:\Users\Clara\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM-x32\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {42B946E9-114B-44C3-8A25-FAF7763EE29B} - System32\Tasks\DSite => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
emptytemp:
         
*****************

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkkhdppcfchlghnlhifennhcadbnfld" => Key deleted successfully.
"C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42B946E9-114B-44C3-8A25-FAF7763EE29B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B946E9-114B-44C3-8A25-FAF7763EE29B}" => Key deleted successfully.
C:\Windows\System32\Tasks\DSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
C:\Windows\Tasks\DSite.job => Moved successfully.
EmptyTemp: => Removed 7 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

Regarding step 2: aswMBR.exe

The aswMBR.exe guide says that I should close the antivirus program.
Does this mean I should close AVAST? I'd rather ask first, because you wrote that the program will ask whether I want to scan the system with AVAST...

When aswMBR starts, the following message/question appears:

Code:
This computer supports "Virtualization Technology".
Would you like to use it for rootkit detection?
         
I can click YES or NO here. Before I do that, I'd rather ask first.

Since I had to click something, I just clicked NO and hope that wasn't wrong. The scan then started ....

Here is the result:

Code:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-11 22:17:43
-----------------------------
22:17:43.908    OS Version: Windows x64 6.1.7601 Service Pack 1
22:17:43.908    Number of processors: 4 586 0x2A07
22:17:43.909    ComputerName: CLARA-COMPUTER  UserName: Clara
22:17:46.111    Initialize success
22:17:46.112    VM: initialized successfully
22:17:46.545    VM: Intel CPU supported virtualized 
22:58:07.655    VM: not used
22:58:10.955    AVAST engine defs: 14091101
22:59:45.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:45.041    Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
22:59:45.191    Disk 0 MBR read successfully
22:59:45.191    Disk 0 MBR scan
22:59:45.211    Disk 0 unknown MBR code
22:59:45.231    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:59:45.241    Disk 0 default boot code
22:59:45.291    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       414372 MB offset 206848
22:59:45.331    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        61440 MB offset 848840704
22:59:45.401    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 974669824
22:59:45.501    Disk 0 scanning C:\Windows\system32\drivers
22:59:55.176    Service scanning
23:00:14.902    Modules scanning
23:00:14.912    Disk 0 trace - called modules:
23:00:14.942    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
23:00:14.942    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800701a060]
23:00:14.952    3 CLASSPNP.SYS[fffff88000c7743f] -> nt!IofCallDriver -> [0xfffffa80047ea550]
23:00:14.952    5 ACPI.sys[fffff88000d757a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047f0050]
23:00:26.864    AVAST engine scan C:\Windows
23:00:29.074    AVAST engine scan C:\Windows\system32
23:03:21.444    AVAST engine scan C:\Windows\system32\drivers
23:03:35.923    AVAST engine scan C:\Users\Clara
23:52:58.833    AVAST engine scan C:\ProgramData
23:55:29.773    Scan finished successfully
23:57:09.848    Disk 0 MBR has been saved successfully to "C:\Users\Clara\Desktop\MBR.dat"
23:57:09.858    The log file has been saved successfully to "C:\Users\Clara\Desktop\aswMBR.txt"
         
AdwCleaner produced the following log:

Code:
# AdwCleaner v3.309 - Bericht erstellt am 12/09/2014 um 00:00:01
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Clara - CLARA-COMPUTER
# Gestartet von : C:\Users\Clara\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
Datei Gelöscht : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage

***** [ Tasks ] *****

Task Gelöscht : Dealply

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\522d6deb33aed48
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.120

[ Datei : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [5676 octets] - [11/09/2014 23:58:31]
AdwCleaner[S0].txt - [5272 octets] - [12/09/2014 00:00:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5332 octets] ##########
         

JRT produced the following log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Clara on 12.09.2014 at  0:04:28,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2971180534-3307857154-2361156270-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7588CA44-A7C9-4C51-B5D7-CEED47966EC7}



~~~ Files

Successfully deleted: [File] "C:\Users\Clara\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\syswow64\sho3492.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC974.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5525CE84-F430-4409-B16B-3DE28D5B380F}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{577C4132-68CA-4A2E-908D-45703DD5212E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{57A54786-BF20-4E2F-A300-AEA64BEBF371}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{58D8574E-66C5-435A-A215-24F5EE2CF3B4}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5962A4B4-5B21-4E7E-88CA-50F4D4318D46}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5A3C5A06-5E49-4623-9CC5-CD37019CB9D8}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5B1EF3A8-5DE5-44AE-AA7E-896A9A524591}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5B54B299-FE7C-470F-B762-69F0D52B623C}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5C18FBAC-E9A6-4D93-9E20-F84281EEE6E7}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5D22EDA8-AFDD-4C4B-B44D-49FB9B3C348B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{5FB66FB6-A006-4EC8-AD3E-C61CB8B734A9}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6044F231-2014-419E-B88F-B352ACA0A0BF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{606D4C66-F97D-44F6-BF3E-78B8B8102496}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{60FF62D4-3835-48BE-A99B-D9414E8F7CC0}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{628E2020-768F-4F6A-9ACC-0AF582E2CCFF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{62CC6F01-7109-4E1A-9B0A-449A3ED90D43}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{647EE1AE-5803-42C7-9343-9406AE486100}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{65078356-D458-4911-B9A1-B93B6691FDBC}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6583AD8B-27E7-4D98-91B6-4DF20F449BDF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{659AA390-A720-465E-BEDA-149388C4D7B2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{663A66E8-1F1C-4B9A-A499-EE93E94F90C3}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{666F5241-0E70-4A4B-B2E1-DD93E6BFECBE}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6675626D-6F5A-49F5-9E39-389C982DD993}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{68D7D868-661E-4010-84F6-BE7AC356CE11}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6926D840-97D0-4A51-82D1-CAF3A4D3AEEB}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6AED500A-DC87-43F4-9643-0CBD255AC76F}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6B11DD26-9035-4C24-94E0-15174235F310}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6D6D5C5F-676C-4A46-94E4-43C5E411E15E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6D9A6219-3D23-4E1F-B3CA-73BC3EEED34F}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6EE20470-0257-4F8D-859F-42EC891ED491}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{6F958560-CB83-4BF1-8427-0488B21DA9A0}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7223A3EE-BB46-4C0A-A673-A3450A6B890A}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{72CB96C9-FE6E-49DD-AF95-EE1220B5BD4D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{732D092D-C88D-4476-B83D-B490FF1DB8B6}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7512F0F5-C144-4F75-93A1-5A64A102CA11}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{75E25C2F-E82F-4A6E-ABA2-A033F16BEF20}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{76991777-17F3-4464-8669-36A85A65839C}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{77A2AD43-9D2D-4130-96FF-4231AD992FF7}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7904AC4F-1B7E-4608-AD3F-8FA73E90F98F}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7A80D5CE-0065-4AF6-95B3-A10C187DC798}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7B318243-C55D-4F08-BF29-4B86E28076E2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7C6ADC81-CC02-4636-AAB7-5F035CF9A2E2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7C88447E-9734-48B4-9552-EB4B70985493}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7DF3A433-22AC-457C-8E7E-CD6A71F533F2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7E241CC5-956D-4FD8-9059-EA533C5E2ADD}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{7E648CE6-1740-49AB-8547-D57F08CAA98E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{801D3AD5-ACB2-405E-9E26-85DC306EE9F4}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{80997638-8E20-4B12-8A05-0516365CA0D8}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{81F20E7A-C09F-435B-9C8E-AC8BE9110107}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{827463A8-8B33-443F-9F5D-4C323D1C6BAF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8316FE78-BBBE-4F41-BFFF-BA506F7A449B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{847A643F-3512-479F-AB89-AFBE3FF4C98E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{863BA964-6925-4BC0-8FCE-84B8739E711D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{86E27F39-BB21-4A39-8D68-DBD9C1B6B5DF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{88E5770F-ED17-4A77-A355-7FBE123877C8}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{88ED8E5C-F3BE-4345-8D1C-3A344F752CFA}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{893E013C-C357-40A1-B042-AAA9637F9767}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8985EFD8-3733-4FB0-8A2F-EE2520DAE988}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{89E252D9-9D16-4A3A-956B-446CF7061A53}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8AB88FE5-3161-443C-87AE-5A146141BFDF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8B4F8B5E-4A8F-45B9-B54C-B0EDDF20D2B1}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8BD96A71-0FBC-45FF-A383-A48550AC52BB}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8BEF416E-BD8E-4343-85A0-C03C00921F43}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8C267985-269E-41CC-B211-948D3EF91334}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8C77A533-BDBF-4E19-B44A-CC7D999EC772}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8E0C1FAA-D66C-46B5-9AA0-5E88D9E5A698}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{8EDD7EC9-A9F4-4C0A-BCE3-E8C8341841E2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{90A44855-6192-4EE3-A772-670A2BB1B537}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{90D5C35D-B450-4313-9FB0-1AA83327ED34}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{91BBFFA0-E51F-46F1-A92B-4AE79C7389BA}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9332C5FE-00C7-4A37-A92B-2C569FBB7871}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{93A7E491-FDC2-41AA-A140-8CF80E768C64}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9416B7BF-54A9-4AF2-96BC-133559A72C8E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9438C729-DF0C-466F-B640-7EB3D4E38837}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{94E9FEE7-66C9-47A5-996F-078769AA5A5B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{95172544-9567-493F-B204-23847300A230}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{95BE675E-E578-4724-886E-5D3864A528B0}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{977F7529-D41F-4B29-8C49-AE5DA5D0F644}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{98920C73-EB78-4A12-83DD-0C0AAF5CC342}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{98EC90D4-7245-4A1E-8259-762BE2956D63}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9920A579-6AC9-4509-8FC6-B4CA4C2361FE}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9B602520-20E8-45E3-BDCF-4F6C4F8A9F9E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9D292320-5875-4E46-96ED-EEC1E6C53769}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9DB5EBD0-3483-45C0-ABA3-FB3D92246F35}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9E4BE032-5B16-4E7B-B689-FBA0C02B630F}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9F0E22E0-8F95-4623-858F-A7F1276B03C6}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{9F403185-CCE7-44B3-A570-F4582A880CBD}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A1697212-1A57-44DE-A549-FDEB33EA60FC}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A2335B09-A7A3-4BC3-933E-A8ACFDCC7347}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A24A26FA-C258-4F0B-9DCB-70AFD4445C87}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A4338876-A395-43FE-90C9-65722E5A017C}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A43F3689-50CB-4B7D-B376-596BCFBEA3E0}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A684A0DB-E942-474C-B0C1-66A8D5641FD2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A74B49D8-700B-41E3-B493-A269082F2DF2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A768F0BF-2AF3-414C-BFFB-B9B712090C1E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{A88A8E5D-339B-4C48-B9FC-D72DE94A0E28}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{AC09C4BD-5198-4F64-8193-3514350DEEBA}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{AC7EE15D-BA60-49F3-BCD5-DECB18F09747}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{AD44F3ED-9C3C-41D9-9517-8B78AA11C5DD}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{AD6587DF-9324-45C8-9746-B133619F73C0}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{AF2AC986-AB37-4102-B7BC-F73D14E4D7DA}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{AFF089AC-8984-4D7A-A2B5-B04B2E614C28}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B0109ABC-6428-4109-AD02-E3AE76B1F38C}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B13F9480-5DBC-49E7-BA1C-4720230DBA92}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B15FD3C0-7A9B-4958-8793-0995D6765FFF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B1A51B05-CB64-4DEE-9CFC-9647889CE590}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B2798108-1CC9-45DE-B147-B953FAF3D0F3}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B2AC7CAD-03E0-4475-9507-C40A115F50A0}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B398ECA0-44FD-42C5-9E30-6662EAE84CE4}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B3ACC7DC-35B9-412A-A6B2-3FECC5727924}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B66CE2CE-83B6-4259-B63B-3B9BE9B4BD60}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B6FE26F3-6B1D-4A9C-9DF9-943D897EDABD}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B7AAB16B-DD74-4AE1-82CD-E078F84F651E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B7F1B38F-ACCD-4865-A815-C6B6505DB36B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B871AD61-EE66-41D4-8E0E-73E0F2552DC9}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B93493DE-EB81-47BC-A9BB-40A38FF44DCC}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{B94111B1-E149-4DEC-85F4-B6F284D6CA47}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{BA3E5725-B4B5-43FB-A281-743853929F87}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{BB60AEF6-E417-47B7-AD84-FDB5C141435A}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{BD6FAC4F-5D1C-4B17-B8BE-925B721A7F4C}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{BE839CFE-CC6F-4436-95D9-CA4918E59321}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{BFB41238-5EB3-4EB5-A784-B6018C9F125B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{BFBA70A6-56BB-4D7A-97E7-29B6BA663725}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{C2AFD422-ACB5-4D34-88C0-15C5411FCCCA}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{C412EB44-2518-4282-B1B1-A1389BB342B3}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{C7B74B50-CED2-4CA2-89AB-AD3FACB41AED}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{C9E31710-14B1-4543-AB1A-99E60CACC079}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{CB1D5FA8-C72E-42FC-9118-D496A3B9172B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{CB57E485-B2A4-440D-B1F6-432C68538503}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{CBC7DC08-8B28-48E8-B592-B1083F429CB4}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{CF1AF5FB-6CFB-4160-8F51-70276DBC32D9}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{CF248F08-FF6B-4CAB-A510-47B82A6BF449}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D1CDF89A-E3FC-4DAB-8CE4-85202D09B475}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D1E45328-D634-4387-9FD6-0B12578CD9BF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D1F2BF99-80D8-4E10-BBC7-9E373504453C}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D2A1903A-341C-4632-AD12-5C1047B9F760}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D363FDF9-4DA9-42F7-9774-EFB4FD6EE3F3}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D3F65260-541F-4FDC-A52E-B4FBF91A07BE}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D418AAB6-3F39-4D4F-9C98-81912364D46D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D5C536D5-43B9-401A-891C-2B8FAEDFC97B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D5F202F5-6F9D-43EF-8EA0-9151EBD88EAB}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D6AFC53F-E584-49BD-A63C-5DAC04513C8D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D70BA13D-0D57-48A4-9739-6E3219BAFE1C}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D71C9046-70AD-4D1D-8503-BCB710B15F40}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D82C9937-CAF3-4AEF-A8E7-C652893A3A65}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{D8E8CE61-EC8F-4A43-AFDC-CCEFF0DECCA9}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{DA1FD356-F638-4DC5-89AF-C4E10D049213}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{DE066A33-37C9-4582-9C9D-75D808E3E209}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{DEAED1AC-6A3F-4110-A8A2-8D56FF042E43}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{DFEC00D8-FEB8-4E45-A09F-39C209226D9A}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E04A3D08-CEE4-435C-86D1-E789B8B304D9}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E35A4375-1E2F-43A9-867E-D64B64D2AB85}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E4BF951F-B2E8-492F-8FA6-D4292B3F3772}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E4F9945B-EA8A-4E47-B0BD-59C2ECCC071D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E541CC0F-0512-4201-9B28-86B054E21671}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E5D286C9-B65D-4522-B190-5B6C884B0234}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E62FDE09-D6EB-492C-802E-165543B30945}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E6A53133-2B78-40BA-9CD7-FEBD2D5D06C8}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E81BF4BA-782C-4093-8ADE-0CFE95C140E6}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E83456C0-8AD9-4EBC-9516-AC0FD2ABDCF6}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E8A39DDE-83AB-482C-9047-BE5444B0D36A}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{E9B6093F-A960-40FE-A329-AB56FDDE7CF7}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{EA16C491-A1A6-4B79-AE4A-64C56BE2C7B7}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{EC016359-6F49-44B2-87B9-EA0AC2A0E357}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{EC04F0D4-F079-42DC-88D2-2A08B8F5FA47}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{EC5E4F85-3E47-49F7-8CCB-6D63E99C6A6D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{EC68FD55-2A94-4242-8BB7-8E9918D40307}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{EEB11602-8DDB-48E5-B584-B04E77BD5437}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{F1479BB2-F73B-4ADE-B596-3109E96CB29E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{F199E3A9-F421-4F59-81C1-002DD98F8E6D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{F5CB4457-C0A8-4E75-83F0-343A4C0FE831}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{F6A5E88F-F962-4DE0-ADD5-65157861B856}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{F6D00065-E283-421D-AC40-3B38487CDFE2}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{F753FE5C-72D0-4D38-A946-24A4CAC66D9E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{F8068ABC-B631-458F-9130-AC7BD42631CE}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FA21630E-0FEE-4399-BE74-0270BFD7E443}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FA24226E-8F72-4726-AB7D-C46762F144C4}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FAA95007-A15B-4588-A2ED-F71A0F451D6B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FAAF0130-66DC-4D23-9B34-A051BCFB94E7}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FBD36F03-054B-45F0-A6DF-41DF1BC0B319}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FC3203A0-B955-4861-84C3-534668710763}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FD63F319-86F4-44DE-9B42-03B6E36E684E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FD8F3717-51A2-4F00-86EA-F17550BA9CDF}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FDFD890F-47FC-47FB-BEA5-383F3C1FEBD7}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FE31F776-AC17-4C20-8A99-24E593A7CC08}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FEB1289A-ED15-4A4C-AEB6-BDB475BE70A9}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FEB663D1-8A5E-4870-B713-48034C65BA08}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FF8D6B0B-468A-496D-8CAC-658445B553E9}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FF966551-C34C-408F-831B-0D6EE425653E}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{FF9DAD41-5EDB-40B8-80E7-F31D5E8928E0}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.09.2014 at  0:16:30,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

And finally FRST:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Clara (administrator) on CLARA-COMPUTER on 12-09-2014 00:17:04
Running from C:\Users\Clara\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Dropbox, Inc.) C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-18] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Google Update] => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-14] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD772B8DAD3AACB01
SearchScopes: HKCU - {ED1B9BF1-9BD4-4078-BA2E-924AB654916F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-30]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSearchKeyword: Default -> 2236F588FBD4DECFC6F2A89BA645A8EB43EC22E1FB7C4088F43684CAE8F0FF11
CHR DefaultSearchURL: Default -> 088438C5D04F0212CFBE5FF554A4BD6C83440BDA68F400E4A40B9046864B7E1E
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Clara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (SmoothScroll) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2014-04-26]
CHR Extension: (No Name) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-02]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-02]
CHR Extension: (avast! Online Security) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-21]
CHR Extension: (Smooth Scrollerator) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmicgfcegednlkdhgbhgickcgndjeeig [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKCU\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-18] (AVAST Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4609416 2013-11-06] (INCA Internet Co., Ltd.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-18] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-03] ()
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 00:16 - 2014-09-12 00:16 - 00029743 _____ () C:\Users\Clara\Desktop\JRT.txt
2014-09-12 00:03 - 2014-09-12 00:03 - 00005460 _____ () C:\Users\Clara\Desktop\AdwCleaner[S0].txt
2014-09-11 23:58 - 2014-09-12 00:00 - 00000000 ____D () C:\AdwCleaner
2014-09-11 23:57 - 2014-09-11 23:57 - 00002267 _____ () C:\Users\Clara\Desktop\aswMBR.txt
2014-09-11 23:57 - 2014-09-11 23:57 - 00000512 _____ () C:\Users\Clara\Desktop\MBR.dat
2014-09-11 22:16 - 2014-09-11 22:16 - 01016261 _____ (Thisisu) C:\Users\Clara\Desktop\JRT.exe
2014-09-11 22:15 - 2014-09-11 22:16 - 01370483 _____ () C:\Users\Clara\Desktop\adwcleaner_3.309.exe
2014-09-11 22:13 - 2014-09-11 22:14 - 05185536 _____ (AVAST Software) C:\Users\Clara\Desktop\aswMBR.exe
2014-09-11 22:04 - 2014-09-11 22:04 - 00000000 ____D () C:\Users\Clara\Desktop\FRST-OlderVersion
2014-09-11 09:48 - 2014-09-11 09:48 - 00003274 _____ () C:\Windows\System32\Tasks\{85774FC0-9601-40E7-BBDB-C2716B854ADF}
2014-09-11 09:46 - 2014-09-11 09:46 - 00001272 _____ () C:\Users\Clara\Desktop\Revo Uninstaller.lnk
2014-09-11 09:46 - 2014-09-11 09:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-11 09:44 - 2014-09-11 09:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Clara\Downloads\revosetup95.exe
2014-09-11 09:19 - 2014-09-11 09:19 - 00000348 _____ () C:\Users\Clara\Desktop\AVAST Containerinfos.txt
2014-09-10 01:18 - 2014-09-10 01:18 - 807055908 _____ () C:\Windows\MEMORY.DMP
2014-09-10 01:18 - 2014-09-10 01:18 - 00500248 _____ () C:\Windows\Minidump\091014-25209-01.dmp
2014-09-10 01:18 - 2014-09-10 01:18 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 01:01 - 2014-09-11 09:22 - 00014044 _____ () C:\Users\Clara\Desktop\Logs.7z
2014-09-10 00:39 - 2014-09-10 00:39 - 00002846 _____ () C:\Users\Clara\Desktop\mbam.txt
2014-09-10 00:13 - 2014-09-10 00:13 - 00047537 _____ () C:\Users\Clara\Desktop\gmer.txt
2014-09-09 23:54 - 2014-09-09 23:55 - 00054427 _____ () C:\Users\Clara\Desktop\Addition.txt
2014-09-09 23:52 - 2014-09-12 00:17 - 00024364 _____ () C:\Users\Clara\Desktop\FRST.txt
2014-09-09 23:52 - 2014-09-12 00:17 - 00000000 ____D () C:\FRST
2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable
2014-09-09 23:16 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 23:16 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-09 23:16 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 23:16 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-09 23:16 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-09 23:16 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-09 23:16 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 23:16 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-09 23:16 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-09 23:16 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-09 23:16 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 23:16 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-09 23:16 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-09 23:16 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-09 23:16 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-09 23:16 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-09 23:16 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-09 23:16 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-09 23:16 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 23:16 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-09 23:16 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-09 23:16 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-09 23:16 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-09 23:16 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 23:16 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-09 23:16 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 23:16 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-09 23:16 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-09 23:16 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-09 23:16 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-09 23:16 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-09 23:16 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 23:16 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-09 23:16 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 23:16 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-09 23:16 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-09 23:16 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-09 23:16 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 23:16 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-09 23:16 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-09 23:16 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-09 23:16 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 23:00 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-09 23:00 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 22:56 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 22:56 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 22:56 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 22:56 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 22:56 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 22:56 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 22:56 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 22:56 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-09 22:56 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-09 22:55 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 22:55 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 22:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 22:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 22:42 - 2014-09-11 22:04 - 02105856 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe
2014-09-09 22:42 - 2014-09-05 00:08 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe
2014-09-09 22:42 - 2014-09-05 00:07 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe
2014-09-08 23:40 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 23:40 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 23:40 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 23:40 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 23:40 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 23:40 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 23:40 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 23:40 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 23:40 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-08 23:40 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-08 23:40 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 23:40 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 23:40 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-08 23:40 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 23:40 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-08 23:40 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-09-08 23:35 - 2014-09-08 23:37 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-08 23:22 - 2014-09-08 23:27 - 220827648 _____ () C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\nl
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\es
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da
2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl
2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\system32\NV
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-05 01:34 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-05 01:34 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-05 01:00 - 2014-09-10 00:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 01:00 - 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 01:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 21:57 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 21:57 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 21:57 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 20:54 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-30 20:54 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-30 20:54 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-30 20:54 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-30 20:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-30 20:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-30 20:52 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-30 20:52 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 17:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-18 17:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-18 17:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-18 17:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 17:33 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 17:33 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-18 17:33 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 17:32 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 17:29 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 17:29 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 00:17 - 2014-09-09 23:52 - 00024364 _____ () C:\Users\Clara\Desktop\FRST.txt
2014-09-12 00:17 - 2014-09-09 23:52 - 00000000 ____D () C:\FRST
2014-09-12 00:16 - 2014-09-12 00:16 - 00029743 _____ () C:\Users\Clara\Desktop\JRT.txt
2014-09-12 00:10 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 00:10 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 00:09 - 2013-07-14 19:34 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 00:04 - 2013-04-01 19:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 00:03 - 2014-09-12 00:03 - 00005460 _____ () C:\Users\Clara\Desktop\AdwCleaner[S0].txt
2014-09-12 00:03 - 2012-05-24 20:19 - 00000000 ___RD () C:\Users\Clara\Dropbox
2014-09-12 00:03 - 2012-05-24 20:17 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Dropbox
2014-09-12 00:03 - 2012-02-19 00:06 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Skype
2014-09-12 00:02 - 2013-07-14 19:34 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 00:01 - 2013-03-12 07:48 - 00895026 _____ () C:\Windows\PFRO.log
2014-09-12 00:01 - 2013-02-13 18:08 - 00013786 _____ () C:\Windows\setupact.log
2014-09-12 00:01 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-12 00:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 00:00 - 2014-09-11 23:58 - 00000000 ____D () C:\AdwCleaner
2014-09-12 00:00 - 2012-02-16 21:35 - 01670574 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 23:57 - 2014-09-11 23:57 - 00002267 _____ () C:\Users\Clara\Desktop\aswMBR.txt
2014-09-11 23:57 - 2014-09-11 23:57 - 00000512 _____ () C:\Users\Clara\Desktop\MBR.dat
2014-09-11 23:46 - 2013-01-14 01:38 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA.job
2014-09-11 23:27 - 2013-04-01 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 22:46 - 2013-01-14 01:38 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core.job
2014-09-11 22:16 - 2014-09-11 22:16 - 01016261 _____ (Thisisu) C:\Users\Clara\Desktop\JRT.exe
2014-09-11 22:16 - 2014-09-11 22:15 - 01370483 _____ () C:\Users\Clara\Desktop\adwcleaner_3.309.exe
2014-09-11 22:14 - 2014-09-11 22:13 - 05185536 _____ (AVAST Software) C:\Users\Clara\Desktop\aswMBR.exe
2014-09-11 22:05 - 2011-11-04 03:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 22:05 - 2011-11-04 03:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 22:05 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 22:04 - 2014-09-11 22:04 - 00000000 ____D () C:\Users\Clara\Desktop\FRST-OlderVersion
2014-09-11 22:04 - 2014-09-09 22:42 - 02105856 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe
2014-09-11 09:48 - 2014-09-11 09:48 - 00003274 _____ () C:\Windows\System32\Tasks\{85774FC0-9601-40E7-BBDB-C2716B854ADF}
2014-09-11 09:46 - 2014-09-11 09:46 - 00001272 _____ () C:\Users\Clara\Desktop\Revo Uninstaller.lnk
2014-09-11 09:46 - 2014-09-11 09:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-11 09:44 - 2014-09-11 09:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Clara\Downloads\revosetup95.exe
2014-09-11 09:22 - 2014-09-10 01:01 - 00014044 _____ () C:\Users\Clara\Desktop\Logs.7z
2014-09-11 09:19 - 2014-09-11 09:19 - 00000348 _____ () C:\Users\Clara\Desktop\AVAST Containerinfos.txt
2014-09-11 09:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 21:45 - 2013-07-14 19:35 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-10 21:41 - 2013-03-30 13:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 01:18 - 2014-09-10 01:18 - 807055908 _____ () C:\Windows\MEMORY.DMP
2014-09-10 01:18 - 2014-09-10 01:18 - 00500248 _____ () C:\Windows\Minidump\091014-25209-01.dmp
2014-09-10 01:18 - 2014-09-10 01:18 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 01:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 00:39 - 2014-09-10 00:39 - 00002846 _____ () C:\Users\Clara\Desktop\mbam.txt
2014-09-10 00:37 - 2014-09-05 01:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 00:27 - 2013-04-01 15:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 00:27 - 2012-05-28 07:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 00:27 - 2011-11-07 18:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 00:13 - 2014-09-10 00:13 - 00047537 _____ () C:\Users\Clara\Desktop\gmer.txt
2014-09-09 23:55 - 2014-09-09 23:54 - 00054427 _____ () C:\Users\Clara\Desktop\Addition.txt
2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable
2014-09-09 23:51 - 2012-02-16 21:43 - 00000000 ____D () C:\Users\Clara
2014-09-09 23:14 - 2012-02-16 23:59 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-09 23:13 - 2013-07-21 13:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-09 23:02 - 2011-11-03 22:34 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 22:59 - 2014-05-07 07:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\system32\NV
2014-09-09 22:34 - 2012-02-16 21:44 - 00107320 _____ () C:\Users\Clara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-09 22:31 - 2009-07-14 06:45 - 00421544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-09-08 23:37 - 2014-09-08 23:35 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-08 23:27 - 2014-09-08 23:22 - 220827648 _____ () C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 22:49 - 2012-05-15 07:14 - 00000000 ____D () C:\Users\Clara\Tracing
2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\nl
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\es
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da
2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl
2014-09-08 22:46 - 2013-04-01 21:48 - 00001378 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-09-08 22:45 - 2012-05-15 07:02 - 00001494 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-09-08 22:43 - 2011-11-07 17:57 - 00002538 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-08 22:42 - 2011-11-07 17:56 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-08 22:40 - 2013-04-01 21:40 - 00302312 _____ () C:\Windows\DirectX.log
2014-09-08 22:39 - 2014-04-15 18:53 - 00002208 _____ () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-08 22:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-05 04:10 - 2014-09-09 22:56 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-09 22:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-05 01:47 - 2012-06-16 17:02 - 00000000 ____D () C:\Temp
2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-05 01:42 - 2011-11-10 21:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-05 01:00 - 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Malwarebytes
2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 00:08 - 2014-09-09 22:42 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe
2014-09-05 00:07 - 2014-09-09 22:42 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe
2014-09-04 20:59 - 2012-05-24 20:18 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-02 23:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-30 21:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 21:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 21:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-09 23:16 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-09 23:16 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-09 23:16 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-09 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-09 23:16 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-09 23:16 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-09 23:16 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-09 23:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-09 23:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-09 23:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-09 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-09 23:16 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-09 23:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-09 23:16 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-09 23:16 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-09 23:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-09 23:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-09 23:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-09 23:16 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-09 23:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-09 23:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-09 23:16 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-09 23:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-09 23:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-09 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-09 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-09 23:16 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-09 23:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-09 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-09 23:16 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-09 23:16 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-09 23:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-09 23:16 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-09 23:16 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-09 23:16 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-09 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-09 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-09 23:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-09 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-09 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-09 23:16 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-09 23:16 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-09 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-09 23:16 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-09 23:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-09 23:16 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-09 23:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-09 23:16 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-09 23:16 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-18 17:16 - 2014-02-04 22:05 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-18 17:16 - 2013-03-30 13:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-18 17:15 - 2013-03-30 13:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

Some content of TEMP:
====================
C:\Users\Clara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkftavm.dll
C:\Users\Clara\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-10 01:48
         
Regards...

12.09.2014, 12:02   #7
Warlord711
/// TB Trainer

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
file: C:\Users\Clara\Desktop\MBR.dat
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Learn to strike back and support us!
TB Akademie | Donate | Praise & Criticism

13.09.2014, 00:08   #8
Atue001

FRST returns:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Clara at 2014-09-12 21:19:04 Run:2
Running from C:\Users\Clara\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
file: C:\Users\Clara\Desktop\MBR.dat
emptytemp:
         
*****************


========================= file: C:\Users\Clara\Desktop\MBR.dat ========================

MD5: FD3A50FD4CA0127ED79DB236D21B3AEA
Creation and modification date: 2014-09-11 23:57 - 2014-09-11 23:57
Size: 0000512
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End Of File: ======

EmptyTemp: => Removed -50061640 byte temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         


ATTENTION: The following phenomena are NEW:

The computer hung after the first start. The Task Manager could no longer be opened. The browser could not be opened. After a few minutes the screen went black, only the mouse pointer was still visible - nothing worked anymore. After switching it off, the computer could not be switched on again. Only a brief power interruption (battery out and back in) let it boot up again.

After this second attempt the computer started, but AVAST was not started properly - a message appeared saying that AVAST was not switched on. After switching AVAST on manually, it ran again.


THEN I did the FRST run.

At the end of FRST the computer is restarted - on this renewed boot AVAST was again not activated. After the manual start, some AVAST modules did not start on the first attempt. These could then be started manually afterwards.

This behaviour is new!

Regards

In addition, I did a run with Malwarebytes - no findings.
Afterwards I ran AVIRA again from the Desinfect CD - also no findings.

After another restart, AVAST first started, then indicated that it was not active, then remained in this state for 30 seconds, but then set itself to active again.

I have never noticed this behaviour before - but perhaps it is normal. Since then AVAST has been running quite normally - no particular abnormalities of the computer overall.

The computer, which is otherwise relatively inconspicuous by now, still has Secunia PSI reporting outdated software MSXML4.0. I carried out an update long ago - but the message stubbornly remains....


Otherwise the computer is now inconspicuous....

14.09.2014, 11:24   #9
Warlord711
/// TB Trainer

Yeah, the MSXML4.0 error is probably a bug in Secunia, I've read that quite often, ignore it.

Could you please attach the file C:\Users\Clara\Desktop\MBR.dat?

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

The ESET scan takes longer:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Scan for potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


15.09.2014, 07:35   #10
Atue001

checkup.txt:

Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=074ddae5a72f534db90ac90098e85512
# engine=20148
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-15 02:25:00
# local_time=2014-09-15 04:25:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 92 449740 175168390 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 59294 162377750 0 0
# scanned=444060
# found=14
# cleaned=0
# scan_time=45369
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=FF58643464A06A17B4FE7BC20EF077A4A63CA6D0 ft=1 fh=3ed4f76e1eec9c5a vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll"
sh=9C1F74613924FCC1259DC3E2BE0BDB31EA2590D9 ft=1 fh=83932a9109e1e39c vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AudioConverter\AudioConverter.exe"
sh=5BACC04D6EDCA13D15661B1958EBA442CF36DE1E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\7ee2fd6b.msi"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe"
sh=4222E6B01BA109D70B345E09610717B941628A19 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 63.zip"
sh=8C1C069389FB5B16E88CA139A79EE98FE437E937 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 64.zip"
sh=F362C7CE85A6408DCB3308E59DF354FABAF9BEE2 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 65.zip"
sh=CFEB5370851E724ABD1A4C6E7368BDB012227642 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 66.zip"
sh=CF78B3D864320BF62789EF1DF2F9D6DA20617D16 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-25 220625\Backup files 11.zip"
sh=22FDEEE2C806F85BBCC73DC7F97A25944846C3F7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-25 220625\Backup files 5.zip"
sh=FCBC957C16FDE00890549F2E48DC1244D23E9F10 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-26 113753\Backup files 1.zip"
sh=9C7C2D52C2FD09FE7A81D8B7D6702FA0E81C53A9 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-26 113753\Backup files 125.zip"
         
And also MBR.DAT

Code:
3ÀŽÐ¼ |ûŽÀŽØ‹ô¿ ¹ üó¤ê`      POWERRECOVER H:PRESS <F11> TO RUN RECOVERY...
    W   ÿÿÿÿÿÿÿÿ†L½¾0¬´3ÛÍ
ÀuõãþSSè˜ ë6htfXf‡G$f£®‹lúf¡¿T±òf¯ût
¡l+Â=Z væf¡®f‰G$uG»Â}€?tO€Ãsö€ë€?u(f‹wf‹Ö³Â`fRè< arfW€?t'f‹WfÖ€tá€ûÂwË»(ë»Â}€ü x€Ãsõëþfÿwè ÿäÈ  ´²€ÍŠÁ$?þÆŠØöæÀé†ÍA‘÷á9V‹V‹Fs÷ñ‘’öó†ÍÀáÌAŠð¸» |†&ëƒÄRPh |jj‹ô¸ B²€ÍÉ PS»*$ˆGä`<àt<t<*t<6t<8t„Àyfƒ' ëþˆ[Xê          *ÃÒ+  € ! ß       ßþÿÿ (   •2  Áÿþÿÿ H˜2  €  Áÿþÿÿ H:   Uª
         

Did you want this uploaded as a file attachment? I can't upload the DAT extension like this....

Regards
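
One way to triage an ESET Online Scanner log like the one posted above, added here as an example and not part of the thread: it parses the `key=value` finding lines, checks the parsed count against the `# found=` header, and groups findings by whether the file sits in a quarantine folder, inside an archive, or at a live path. The sample log is constructed with placeholder hashes and paths, and the field meanings (`vn` as detection name, `fn` as file path) are inferred from the log's layout.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET log above.
# Hashes, detection names and paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''
# product=EOS
# scanned=1000
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Toolbar.Example potentially unwanted" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Example\Setup.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/Bundled.Toolbar.Example potentially unsafe" ac=I fn="C:\Example\toolbar\plugin.dll"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Example potentially unwanted" ac=I fn="F:\EXAMPLE-PC\Backup Set 2014-01-01\Backup files 1.zip"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="Win32/Toolbar.Example.B potentially unwanted" ac=I fn="D:\TOOLS\Example\bundle_setup.exe"
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Extensions treated as containers: the detection is inside the archive,
# so the archive itself is not directly executable content.
ARCHIVE_EXT = ('.zip', '.7z', '.rar', '.cab')


def parse_log(text):
    """Return (header, findings) from an ESET Online Scanner style log."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('#'):
            key, sep, value = line[1:].strip().partition('=')
            if sep:
                header[key] = value  # repeated keys: the last one wins
        elif line.startswith('sh='):
            rec = {}
            for m in PAIR.finditer(line):
                quoted, bare = m.group(2), m.group(3)
                rec[m.group(1)] = quoted if quoted is not None else bare
            # Keep only lines that carry both a detection name and a path.
            if 'vn' in rec and 'fn' in rec:
                findings.append(rec)
    return header, findings


def classify(path):
    """Bucket a finding by where the file lives."""
    p = path.lower()
    if '\\quarantine\\' in p:
        return 'quarantined'   # already neutralised by an earlier tool
    if p.endswith(ARCHIVE_EXT):
        return 'archive'       # e.g. old backup sets
    return 'live'              # still present at a normal path


def triage(text):
    """Summarise a log: header/body consistency plus findings per bucket."""
    header, findings = parse_log(text)
    by_location = defaultdict(list)
    for rec in findings:
        by_location[classify(rec['fn'])].append((rec['vn'], rec['fn']))
    declared = header.get('found')
    declared_ok = declared is not None and declared.isdigit()
    return {
        'declared': int(declared) if declared_ok else None,
        'parsed': len(findings),
        # False means the pasted log is truncated or otherwise incomplete.
        'count_matches': declared_ok and int(declared) == len(findings),
        'by_location': dict(by_location),
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    print('declared/parsed:', report['declared'], report['parsed'])
    for bucket, items in sorted(report['by_location'].items()):
        print(bucket)
        for name, path in items:
            print('   ', name, '->', path)
```
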

15.09.2014, 14:38   #11
Warlord711
/// TB Trainer

Then please make a .zip out of the MBR.DAT

15.09.2014, 20:57   #12
Atue001

Im Anhang 2 Dateien - mbr.zip und auch mbr.7z

Ich hoffe, eine davon kannst du nutzen.

Danke und Grüße

18.09.2014, 09:36   #13
Warlord711
/// TB Trainer

Sorry, this thread briefly slipped off my radar

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll
C:\Windows\Installer\7ee2fd6b.msi
D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Your Java is no longer up to date.
Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 67 ).
  • Uncheck "Installieren Sie die Ask-Toolbar ..." (install the Ask toolbar) during the installation.
  • Once the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.
Quick plugin test: PluginCheck

According to SecurityCheck, the antivirus software is not up to date.

Otherwise the logs are now clean (after the fix)!

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all leftovers of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



Finally, I have a few more tips for securing your system.

Change all your passwords regularly; now, after the cleanup, is an ideal time to do so
  • use a different password for every application and every account
  • change your password regularly; this is very important above all for online banking or your email account
  • do not store passwords on your PC, and do not pass them on to third parties
  • a secure password consists of at least 8 characters and contains upper- and lower-case letters, digits and special characters
  • do not use number or letter sequences (e.g. 12345678, qwertzui), nor number or letter patterns
  • do not use passwords that relate to you, your place of residence, a family member or a pet (date of birth, postal code, address, name)

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7 / 8 : Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is shown and you can download the latest version directly to your desktop.
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: I have a few useful add-ons for this browser here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most ads by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Don't click on everything just because it prompts you to and looks nice and colorful.
  • Do not use P2P or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, because these installers are often bundled with adware or unwanted software!



All that remains for me now is to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

19.09.2014, 10:03   #14
Atue001

OK, all done, the PC is running like clockwork again.....


Many thanks and regards

Donation to follow!
