
Log analysis and evaluation: removing ADWARE/MultiPlug.aob, ADWARE/BProtector.C and co.

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.09.2014, 21:25   #1
sundaytrain
 
Hello dear helpers,
My Avira has been raising alarms often lately and is apparently unable to remove the viruses completely. Most recently a security notice came up when I was looking for a file in the recycle bin; 'adware/MultiPlug.aob' was at work...
Now I finally have to do something about it, and since I don't want to make everything even worse, I'm hoping for support.

Many thanks in advance,
Sundaytrain


FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on WOLF-PC on 17-09-2014 19:59:46
Running from C:\Users\Administrator\Downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
BHO: CescrtHlpr Object -> {64182481-4F71-486b-A045-B233BD0DA8FC} -> C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DealPly -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\user.js
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe

Chrome: 
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DealPly Shopping) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2013-05-01]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoods.crx [2010-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 19:59 - 2014-09-17 20:01 - 00013240 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-13 16:42 - 2014-09-13 16:43 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-08 14:11 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-19 16:35 - 2014-09-05 20:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 20:01 - 2014-09-17 19:59 - 00013240 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-17 19:58 - 2011-03-27 20:07 - 01065720 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-09-17 19:55 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-17 19:54 - 2011-08-13 18:42 - 00162981 _____ () C:\Windows\setupact.log
2014-09-17 19:54 - 2011-08-13 18:41 - 00219088 _____ () C:\Windows\PFRO.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-17 18:55 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 18:55 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:42 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 17:11 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 16:43 - 2014-09-13 16:42 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-08 14:11 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-30 14:09 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-23 03:46 - 2014-08-29 19:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-29 19:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-20 14:42 - 2011-08-13 19:18 - 211386464 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:42 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-19 19:39 - 2014-09-10 15:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 17:11 - 2011-10-12 11:54 - 00000000 ____D () C:\Users\Administrator\.gimp-2.6
2014-08-19 00:26 - 2014-09-10 15:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-10 15:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-10 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-10 15:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-10 15:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-10 15:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-10 15:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 15:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 15:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-10 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 15:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-10 15:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-10 15:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-10 15:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-10 15:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-10 15:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-10 15:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-10 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 15:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-10 15:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 15:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-10 15:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-10 15:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 15:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-10 15:22 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-10 15:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-10 15:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-10 15:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-10 15:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:04 - 2012-05-10 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-18 16:04 - 2012-05-08 15:18 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-18 16:04 - 2011-08-30 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-27 22:41

==================== End Of Log ============================
         

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-17 20:01:43
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Black and White (HKLM\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )
CameraHelperMsi (Version: 13.25.1010.0 - Logitech) Hidden
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
DealPly (remove only) (HKLM\...\DealPly) (Version: 4.8.6.1 - DealPly Technologies Ltd.) <==== ATTENTION
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facemoods Toolbar (HKLM\...\facemoods) (Version:  - ) <==== ATTENTION
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Free YouTube to MP3 Converter version 3.12.5.628 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech QuickCam-Treiberpaket (HKLM\...\lvdrivers_11.70) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (Version: 13.25.1016.0 - Logitech) Hidden
LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.25.1010.0 - Logitech) Hidden
LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{0D951CBB-743C-4A68-8C85-97D89A61D7CD}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Designelemente) (HKLM\...\MX.{F6BDBD1F-A884-4510-8A9F-3DC6E5EBDFE3}) (Version: 1.0.1.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Designelemente) (Version: 1.0.1.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Fotoshow Maker-Stile 1) (HKLM\...\MX.{828C109A-ABB5-4CDD-9927-349C79FC35DD}) (Version: 1.0.1.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Fotoshow Maker-Stile 1) (Version: 1.0.1.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (HKLM\...\MX.{EA62B22F-AB0A-406B-80A9-8036D3CE3446}) (Version: 13.0.0.30 - MAGIX AG)
MAGIX Video deluxe 2014 (Titeleffekte) (HKLM\...\MX.{31D344AE-405C-44CC-B24B-BD080192F0BA}) (Version: 1.0.1.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Titeleffekte) (Version: 1.0.1.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Überblendeffekte) (HKLM\...\MX.{441E384F-5B2B-4DF6-936D-27B384B7AC60}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Version: 13.0.0.30 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 1.61.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{be6b5eee-db60-4e8a-a1de-fa0fa06bc4ac}) (Version:  - Nero AG)
Nero Burning ROM Help (Version: 9.4.17.100 - Nero AG) Hidden
Nero BurnRights (Version: 3.4.11.100 - Nero AG) Hidden
Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.17.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Recode Help (Version: 4.4.31.0 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.12.100 - Nero AG) Hidden
Nero RescueAgent Help (Version: 2.4.4.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.12.100 - Nero AG) Hidden
Nero WaveEditor (Version: 5.4.32.0 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.17.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.17.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 3.0.0.290 - Nokia)
Nokia Ovi Suite (Version: 3.0.0.290 - Nokia) Hidden
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden
OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Viewer (HKLM\...\{615666DE-89E6-4F92-8ED8-E424CC8E5B09}) (Version: 2.5.194.0 - Tracker Software Products Ltd.)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QCad 2.0.5.0 (remove only) (HKLM\...\QCad 2.0.5.0) (Version:  - )
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Shape Collage (HKLM\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4000.60 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4000.60 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4000.60 - TuneUp Software) Hidden
UltraStar 0.8.4 (HKLM\...\UltraStar) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update_DealPly (HKCU\...\DealPly) (Version:  - ) <==== ATTENTION
VLC media player 1.1.8 (HKLM\...\VLC media player) (Version: 1.1.8 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 23:47:46 Windows Update
23-08-2014 18:52:32 Windows Update
29-08-2014 17:30:11 Windows Update
10-09-2014 13:05:32 Windows Update
17-09-2014 17:35:02 Removed Windows Movie Maker 2.6
17-09-2014 17:40:25 Removed Apple Software Update
17-09-2014 17:41:59 Removed Apple Application Support

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2011-04-07 18:24 - 00000028 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {193D2E29-A9DA-4E30-8494-97DBF4247539} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.)
Task: {7A52D4F8-4236-4D15-A7F2-B2D991126706} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {9D8E7FD1-54BA-4211-8B29-88EAC8278914} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated)
Task: {C583A00C-AC53-40F4-A48B-A16F758DA53A} - System32\Tasks\DealPly => C:\Users\Administrator\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-05-26] () <==== ATTENTION
Task: {D479A751-1B52-4A7B-B4B4-205419F1D2BC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-03-16] (TuneUp Software)
Task: {FF063F40-C7D7-4DCF-9C51-8CA420EB7A67} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\ADMINI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job => C:\Program Files\TuneUp Utilities 2011\OneClick.exe

==================== Loaded Modules (whitelisted) =============

2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-10 16:53 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Administrator\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-13 16:43 - 2014-09-13 16:43 - 03716720 _____ () C:\Program Files\Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 07:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.1.5367, Zeitstempel: 0x541259dd
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.1.5367, Zeitstempel: 0x541225d2
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xc58
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/05/2014 10:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 11.0.0.0, Zeitstempel: 0x48d3882e
Name des fehlerhaften Moduls: Save for Web.8BE, Version: 11.0.0.12, Zeitstempel: 0x48d3928d
Ausnahmecode: 0x40000015
Fehleroffset: 0x00337ed5
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3

Error: (08/31/2014 00:06:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x6e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/26/2014 06:59:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0xfd0
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3

Error: (08/10/2014 11:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 11.0.0.0, Zeitstempel: 0x48d3882e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6e617254
ID des fehlerhaften Prozesses: 0xd34
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3

Error: (08/04/2014 05:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000, Zeitstempel: 0x4de50c7e
Name des fehlerhaften Moduls: mso.dll, Version: 12.0.6683.5000, Zeitstempel: 0x51e6dff3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00c59c78
ID des fehlerhaften Prozesses: 0x380
Startzeit der fehlerhaften Anwendung: 0xPOWERPNT.EXE0
Pfad der fehlerhaften Anwendung: POWERPNT.EXE1
Pfad des fehlerhaften Moduls: POWERPNT.EXE2
Berichtskennung: POWERPNT.EXE3

Error: (07/20/2014 11:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16a0

Startzeit: 01cfa45fbd9db740

Endzeit: 49

Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe

Berichts-ID:

Error: (07/20/2014 11:15:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6ec

Startzeit: 01cfa45f78ece080

Endzeit: 41

Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe

Berichts-ID:

Error: (07/20/2014 11:13:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1660

Startzeit: 01cfa45c2c569520

Endzeit: 0

Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe

Berichts-ID:

Error: (07/20/2014 09:13:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 91c

Startzeit: 01cfa44e44592920

Endzeit: 63

Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe

Berichts-ID:


System errors:
=============
Error: (09/17/2014 07:54:44 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/17/2014 07:54:44 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/17/2014 06:50:09 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/17/2014 06:50:09 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/17/2014 09:17:20 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/17/2014 09:17:20 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/15/2014 03:42:45 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/15/2014 03:42:45 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/14/2014 04:44:53 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/14/2014 02:11:48 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (02/11/2013 06:17:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2370 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/19/2013 04:50:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/20/2012 10:10:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 225 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 63%
Total physical RAM: 2046.55 MB
Available physical RAM: 749.72 MB
Total Pagefile: 4093.11 MB
Available Pagefile: 2385.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:45.13 GB) NTFS
Drive d: (Meins) (Fixed) (Total:146.48 GB) (Free:127.18 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:147.4 GB) (Free:146.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F505F505)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-17 21:07:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3500320AS rev.SD15 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldqpob.sys


---- System - GMER 2.1 ----

SSDT            8EAE8DE6                                                                                                            ZwCreateSection
SSDT            8EAE8DF0                                                                                                            ZwRequestWaitReplyPort
SSDT            8EAE8DEB                                                                                                            ZwSetContextThread
SSDT            8EAE8DF5                                                                                                            ZwSetSecurityObject
SSDT            8EAE8DFA                                                                                                            ZwSystemDebugControl
SSDT            8EAE8D87                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                            83287A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              832C1212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                 832C858C 4 Bytes  [E6, 8D, AE, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                 832C88E8 4 Bytes  [F0, 8D, AE, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                 832C892C 4 Bytes  [EB, 8D, AE, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                 832C89A8 4 Bytes  [F5, 8D, AE, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                 832C89FC 4 Bytes  [FA, 8D, AE, 8E]
.text           ...                                                                                                                 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x8F43A000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtCreateFile                                                   777A5608 5 Bytes  JMP 6450FC70 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtFlushBuffersFile                                             777A5998 5 Bytes  JMP 644E942A C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtQueryFullAttributesFile                                      777A6028 5 Bytes  JMP 6450F6B0 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtReadFile                                                     777A62F8 5 Bytes  JMP 644E9520 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtReadFileScatter                                              777A6308 5 Bytes  JMP 64E099A8 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtWriteFile                                                    777A6AA8 5 Bytes  JMP 64510710 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtWriteFileGather                                              777A6AB8 5 Bytes  JMP 64E09957 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll                                                     777C22AE 5 Bytes  JMP 69C31F42 C:\Program Files\Firefox\mozglue.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                            76CA94E6 7 Bytes  JMP 64D77A24 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!QueryPerformanceCounter + 13                                76CAC4E5 7 Bytes  JMP 64D77A47 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!LoadAppInitDlls + 355                                       76CAF5A6 7 Bytes  JMP 6450C5A7 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] USER32.dll!GetWindowInfo                                                 76DE4B5E 5 Bytes  JMP 64C7ECB7 C:\Program Files\Firefox\xul.dll
.text           C:\Program Files\Firefox\firefox.exe[2644] GDI32.dll!GetViewportOrgEx + 26C                                         76F6884B 7 Bytes  JMP 64D779A5 C:\Program Files\Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc02ec                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc02ec@fce55754c1cd                            0xB5 0x85 0x77 0x77 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x7B 0x63 0x08 0xE1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xF1 0x98 0x8F 0xF5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x77 0x9F 0xB1 0xEB ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc02ec (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc02ec@fce55754c1cd                                0xB5 0x85 0x77 0x77 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x7B 0x63 0x08 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xF1 0x98 0x8F 0xF5 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x77 0x9F 0xB1 0xEB ...

---- EOF - GMER 2.1 ----
         

Avira detections
Code:
ATTFilter
Exportierte Ereignisse:

10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Administrator\AppData\Local\Temp\7725.tmp'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Rotbrow.K' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.09.2014 19:20 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'D:\$RECYCLE.BIN\S-1-5-21-1242816113-3164560358-2465018757-500\$RG5OXV4.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/MultiPlug.aob' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Administrator\AppData\Local\Temp\7725.tmp'
      wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Rotbrow.K' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         

17.09.2014, 21:27   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller panel, look for the programs that, under:

    have this addition:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

18.09.2014, 20:06   #3
sundaytrain
 



Evening,
Thanks for the quick reply! Everything should have worked so far.


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.09.2014
Suchlauf-Zeit: 18:36:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.18.05
Rootkit Datenbank: v2014.09.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353714
Verstrichene Zeit: 15 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Code:
ATTFilter
# AdwCleaner v3.310 - Bericht erstellt am 18/09/2014 um 19:50:06
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : Administrator - WOLF-PC
# Gestartet von : C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Gutscheinmieze
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\ConduitCommon
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\invalidprefs.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Dealply

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5bed688e068e815
Schlüssel Gelöscht : HKLM\SOFTWARE\5bed688e068e815
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_usenext_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_usenext_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "088add4d000000000000001c4af2cbdf");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15901");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.518:35:18");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121563&tt=150713_9127&tsp=4944");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

[ Datei : C:\Users\Wolf2\AppData\Roaming\Mozilla\Firefox\Profiles\6exy0tw0.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5338 octets] - [18/09/2014 19:07:52]
AdwCleaner[S0].txt - [5160 octets] - [18/09/2014 19:50:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5220 octets] ##########
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.6 (09.18.2014:1)
OS: Windows 7 Ultimate x86
Ran by Administrator on 18.09.2014 at 19:56:29,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1242816113-3164560358-2465018757-500\Software\sweetim



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Dealply.job



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{9F4BEF24-0F0C-4FC2-B65F-CB5DEC5FF5D6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A01C21FD-9A10-46AE-A69E-2279C79CADE0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A0983AC6-FE03-4DC0-B2CD-16250668C7EE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A0DC223B-EE1B-41B1-BF8F-68C24B3EC422}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A2656A21-1AD4-4309-9A9D-A46BB012D5AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A2DF1152-03E8-4174-BABF-193551383AAA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A31C8E26-D02A-43EF-BCE3-92AC90A949B1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A3CE7047-4498-4CE4-AC68-384757D9B007}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A413B210-49C3-4BC9-B138-3010648088AC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A571E932-A6E0-422B-9C68-E1BFCFB73FFB}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A75EC58E-9AAA-4C88-9CF1-3F806E56EF25}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A7CF451D-0BDF-4211-89E1-9A8B39318A4C}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{AA8F90A5-2208-4C1A-9240-8024215CC3F7}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{AAA0C9B7-353B-4455-8236-78F8D8D610C3}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B015C33C-EA7E-437F-A9CA-38050B348484}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B0581A2D-50AD-4FBF-B4ED-D79B7EB32447}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B0B34383-1541-4286-8CF2-DC2398FAC2FA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B1136C04-BA61-4712-BD59-763BB8C5BBA5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B27276B7-E671-4E13-BDFA-F5D1CBD87858}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B2A8CC10-90A5-40F9-AE04-58B4316D8051}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B306BA45-AE5A-40E0-9726-4E6CCC9C545E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B36157E1-1640-460D-8BB5-4C99E92A99E3}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B5003F6D-F1D3-40A4-BC23-59D798FF8D32}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B569C79C-962E-4BED-A8D5-C9EA1A7C2901}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B5DB5BFE-D33B-4B49-9771-53C5816F66B8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B62F31A7-ADAF-46B8-A086-BB611032F5F7}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B7921414-0B58-4728-84CE-F122B1BC07C5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B8AE39C4-A2B8-40CC-AB87-4D3AF16FA2F6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BA3D093A-CE80-4670-BDD3-7A72762F5441}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BB0D83E7-7469-48EA-B345-B5D1516E33B5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BB8BE1F2-39CF-410C-A73C-4A338D4A2967}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BBA017E4-CFB4-49D4-B802-C8A2A34102D6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BD4D26E4-E6AB-437D-9278-740100A388CD}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BDA2DA9E-E556-4171-B4F6-2EE8ED413514}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BEEBDD98-009A-414B-94BD-B807CB2CD78C}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C1192A4C-611F-428D-B887-9909720A51AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C3033550-FC24-4F65-9A81-69719406B361}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C32E613D-0E6D-4CB4-BB52-F14E3AC81C94}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C42D7623-024E-474E-AD9A-983BD024E1D2}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C4BF2B0D-65A0-461A-BC80-39B4C6E6EE20}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C5A65C2E-99B3-4ADA-83EF-94F66B72CE73}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C61FB34A-AB5E-4986-895D-CB97E16F3AC1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C71C5FEE-C34A-46DB-99DD-F48446139CDD}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C7360B2A-7878-49FB-BFAA-4B3276690A72}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C74AC78C-28F3-4B46-8D6D-356487989904}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C77FE689-2C99-4287-9577-1B8230D2574E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C88BDFEE-207D-49C4-9A99-93D8D06B59D1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{CB426ED8-15CB-455B-BC3C-E7EF890A2FEF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{CB706A49-948E-4319-B9D6-7230DCCE809F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{CD281C72-A676-4A04-A64B-A93713BA6915}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D04D561F-0DF4-44CB-AB1A-59C193425C1B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D0AA69EE-EABA-4D6D-99AB-05A81E5D0099}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D2BC596F-CA96-411D-A9FD-E7EDAB09D0BC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D2CEA4F2-4A1F-4483-8325-49F2013D6127}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D625801D-53E9-4EF8-9DA9-C4A74C5F7032}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D88A5616-2768-4F42-8205-18134D7E6BC6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D925B8FF-3648-489E-8003-0415E6EEFB7B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D9683EFF-3391-4A7A-89BC-779B5F526BD0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D9D3EF1E-4557-4E42-984B-5F0EF9FFF95A}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DCC7AD0F-F60E-4B83-A247-897CCB3DB7CE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DDAA03A4-5164-48B4-B948-5F3BD3BB4A9B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DDBFF20B-500F-4763-A88D-E9000E6E28CA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DEF8A80A-ED9E-4995-AFCF-B246A014CBDF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E1D00B0B-CF7C-415F-BAF7-00CB86088A9F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E1FDDD35-281C-4EAD-9972-D27A44B34D9D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E2846E9B-0C71-4E4B-B51A-8025E1DFBCA1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E2A3DBFD-6BD6-41B2-AD39-E7EAA6739437}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E4358B6B-96D8-4FDB-B2F3-386FEBE4FF95}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E48BCD84-D53F-494C-9E5A-02B09CB53665}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E4D2AE3F-766F-4AC9-9807-D860D7C6D3FE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E5327DB3-2C40-43C9-9EC7-F556C0824668}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E6B057B6-BB49-417C-8A40-A5C179403874}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E770FB54-C5F2-400C-9F9C-8D23187604DF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E8ACDD6F-719F-47C0-98F0-A10211A56772}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{EC8EA330-ECF0-4FFB-8E82-E7732C6A66AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{ED4E9A6E-FCBB-44DB-AFB9-CC0F5A19CC58}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{EDD92001-8702-4820-AF5D-DBFA1CAEC1D0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F2ECF226-E3DB-4E02-929B-99BF8AA38606}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F2F944CC-C041-4344-9618-B444236BF185}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F499B186-9663-4635-96D5-65DB78A97166}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F4A8BDA2-E2D8-41A3-A73B-D0266D4B9D8B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F4CA1661-FA21-4F78-8A5E-F380901E741E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{FD38768D-AA1B-438D-B9F8-BF928BCF4376}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{FEBA6471-3AD6-4B74-A9D7-5C2661B4D635}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{FECCAE3D-ECB3-4358-A084-3D9EDDC06689}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.09.2014 at 19:59:14,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on WOLF-PC on 18-09-2014 19:59:30
Running from C:\Users\Administrator\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Thisisu) C:\Users\Administrator\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe

Chrome: 
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:54 - 2014-09-18 19:59 - 00010788 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 19:06 - 2014-09-18 19:50 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:35 - 2014-09-18 18:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 18:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:01 - 2014-09-17 22:06 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 19:59 - 2014-09-18 19:59 - 00000000 ____D () C:\FRST
2014-09-17 19:59 - 2014-09-17 20:06 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-13 16:42 - 2014-09-13 16:43 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-08 14:11 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-19 16:35 - 2014-09-05 20:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:59 - 2014-09-18 19:54 - 00010788 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:56 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 19:56 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:51 - 2011-08-13 18:42 - 00163149 _____ () C:\Windows\setupact.log
2014-09-18 19:51 - 2011-08-13 18:41 - 00233326 _____ () C:\Windows\PFRO.log
2014-09-18 19:50 - 2014-09-18 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:50 - 2011-03-27 20:07 - 01159019 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:36 - 2014-09-18 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 22:06 - 2014-09-17 20:01 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:06 - 2014-09-17 19:59 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:55 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-15 15:42 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 17:11 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 16:43 - 2014-09-13 16:42 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-08 14:11 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-30 14:09 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-23 03:46 - 2014-08-29 19:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-29 19:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-20 14:42 - 2011-08-13 19:18 - 211386464 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:42 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-19 19:39 - 2014-09-10 15:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 17:11 - 2011-10-12 11:54 - 00000000 ____D () C:\Users\Administrator\.gimp-2.6
2014-08-19 00:26 - 2014-09-10 15:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-10 15:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-27 22:41

==================== End Of Log ============================
         

Alt 19.09.2014, 10:50   #4
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 19.09.2014, 22:07   #5
sundaytrain
 

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c7d7ce63f261bc449b99d65e158a9ed1
# engine=20232
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2014-09-19 06:33:53
# local_time=2014-09-19 08:33:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 93475 155654407 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 37589776 162782824 0 0
# scanned=229403
# found=30
# cleaned=0
# scan_time=5064
sh=A7C95FD3F6B65F27755CBEC812DF32029A102020 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\prefs_18_09_2014_19_50_11.js"
sh=2550AA985F7FA25EC09949903BCBBF16D7A3E121 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\invalidprefs.js.vir"
sh=3CA954D939594770595C57C933BFD509BF80684A ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\user.js.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=7D46D39AEE256EED7AB0AA6EF0E9A422831C01DC ft=1 fh=5623ddb773ac081b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Program Files\FreeYouTubeToMP3Converter5628.exe"
sh=B3AF5A564682593BC3BCAB06F133942F2DCDCF72 ft=0 fh=0000000000000000 vn="HTML/Ransom.B Trojaner" ac=I fn="C:\ProgramData\nzzklwbnbveeryt\main.html"
sh=AC76360969B4C1DEABBF392242705FF7A8BF5922 ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C54B8NJ4\pack[1].7z"
sh=3893C701FC34D1821AD7219306ECFBD1EDE3AF8F ft=0 fh=0000000000000000 vn="Variante von Win32/bProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C54B8NJ4\pack[2].7z"
sh=93D7AD0FC7A7EC62E220FBD9A5501C61B0743EC9 ft=0 fh=0000000000000000 vn="Win32/bProtector.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C54B8NJ4\pack[3].7z"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PRPBR5HQ\ApnIC[1].0"
sh=B828F25BC53E9F7F550C99FF76F6C98A579D90DD ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PRPBR5HQ\pack[1].7z"
sh=CDAF70367608E1F69C3D41A408A4948ECF94412B ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\nsfC078.tmp"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll"
sh=B636474A8E79343C460A8845754EECB721E657A5 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.DO Trojaner" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\162e0902-738db15c"
sh=5C723F16EF625D81C6D92F3BEA4354EB76D90138 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\10f6c1e0-11fdbb43"
sh=6965057F60010BBF9E03E1F3FA5F69362F73817C ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQD Trojaner" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\7cebedbd-58c65d39"
sh=0B273B8F6708D9E5F08A79F32838E88FEDD3079A ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\prefs.js"
sh=3DE38703FE86170F8319BFC70367FB87DF691728 ft=1 fh=de0cba27e1789651 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Documents\MAGIX Downloads\Installationsmanager\Video_deluxe_2014_DLV_de-DE_130823_15-58_13_0_0_30.exe"
sh=08BF6F871199BCDB95F0361EC920DF406BD3597A ft=1 fh=c0776f02905eb6da vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Documents\avira_free_antivirus_de.exe"
sh=897FD37A4F97BA9BBC92108AA1FB16C970EACBF0 ft=1 fh=58662848aaacab1c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Downloads\FreeYouTubeDownload_3.1.42.1212.exe"
sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Downloads\Shockwave_Installer_Slim.exe"
sh=B3AF5A564682593BC3BCAB06F133942F2DCDCF72 ft=0 fh=0000000000000000 vn="HTML/Ransom.B Trojaner" ac=I fn="C:\Users\All Users\nzzklwbnbveeryt\main.html"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2DB74LS\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQ3JOGQ1\ApnIC[1].0"
sh=9982D0D388B2A114551373D690AAA9E46DA5387B ft=1 fh=05a5d4a1a2239f3c vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="E:\wasistdas\magix_video_deluxe_2014_188mb_chip_de.exe"
sh=B001F7D0F1F9A7E61C5499E5C8350F497B5A3E18 ft=1 fh=2a21627c0d99789c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="G:\Kata\Fotos\Blog\wierd stuff\DTLite4413-0173.exe"
sh=3DE38703FE86170F8319BFC70367FB87DF691728 ft=1 fh=de0cba27e1789651 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="G:\PC save\MAGIX Downloads\Installationsmanager\Video_deluxe_2014_DLV_de-DE_130823_15-58_13_0_0_30.exe"
         

Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2011   
 TuneUp Utilities Language Pack (de-DE) 
 Java(TM) 6 Update 24  
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.179  
 Mozilla Firefox (32.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on WOLF-PC on 19-09-2014 21:30:38
Running from C:\Users\Administrator\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Users\Administrator\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe

Chrome: 
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 00000000 ____D () C:\Program Files\ESET
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:54 - 2014-09-19 21:31 - 00010922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 19:06 - 2014-09-18 19:50 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:35 - 2014-09-18 18:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 18:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:01 - 2014-09-17 22:06 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 19:59 - 2014-09-19 21:30 - 00000000 ____D () C:\FRST
2014-09-17 19:59 - 2014-09-17 20:06 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-13 16:42 - 2014-09-13 16:43 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-08 14:11 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 21:31 - 2014-09-18 19:54 - 00010922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-19 21:30 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-19 21:28 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 21:24 - 2011-08-13 18:42 - 00163429 _____ () C:\Windows\setupact.log
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner
2014-09-19 19:03 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 00000000 ____D () C:\Program Files\ESET
2014-09-19 18:47 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 18:47 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 22:00 - 2011-03-27 20:07 - 01195533 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:51 - 2011-08-13 18:41 - 00233326 _____ () C:\Windows\PFRO.log
2014-09-18 19:50 - 2014-09-18 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:36 - 2014-09-18 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 22:06 - 2014-09-17 20:01 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:06 - 2014-09-17 19:59 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-15 15:42 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 16:43 - 2014-09-13 16:42 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-08 14:11 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-30 14:09 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-23 03:46 - 2014-08-29 19:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-29 19:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-20 14:42 - 2011-08-13 19:18 - 211386464 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:42 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-08-27 22:41

==================== End Of Log ============================
         
--- --- ---


Thank you for the help! Time will tell whether things have improved; at least I no longer get the alert when searching the Recycle Bin!


20.09.2014, 16:22   #6
schrauber
/// the machine
/// TB-Ausbilder



Update Java.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
C:\Users\All Users\nzzklwbnbveeryt
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory where the tool was run.

Please post the contents here.



21.09.2014, 14:19   #7
sundaytrain



All done.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-21 14:00:47 Run:1
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\All Users\nzzklwbnbveeryt
*****************

C:\Users\All Users\nzzklwbnbveeryt => Moved successfully.

==== End of Fixlog ====
         

Code:
ATTFilter
Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 21-09-2014 at 14:14:42
Running from "C:\Users\Administrator\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
         

22.09.2014, 10:27   #8
schrauber
/// the machine
/// TB-Ausbilder



  • Please download Windows Repair - All in One from tweaking.com and install it.
  • Please disable your antivirus program (if possible).
  • Keep in mind that the individual repairs take some time. Do not start any other applications during this time.
  • Start the program and carry out steps 1-5. (See the illustrated guide.)
  • Make sure your checkboxes are set as shown under step 4.
  • Also tick "Restart/Shutdown System" and select "Restart System" before you carry out step 5.

A fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

23.09.2014, 16:56   #9
sundaytrain




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 (ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by Administrator (administrator) on WOLF-PC on 23-09-2014 16:45:17
Running from C:\Users\Administrator\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe

Chrome: 
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 20:39 - 2014-09-22 20:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-09-22 20:39 - 2014-09-22 20:39 - 00000000 ____D () C:\RegBackup
2014-09-22 17:00 - 2014-09-22 17:00 - 00003392 ____N () C:\bootsqm.dat
2014-09-22 16:52 - 2014-09-22 16:52 - 00002117 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-22 16:51 - 2014-09-22 16:51 - 09700040 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-21 15:51 - 2014-09-21 15:51 - 00638464 _____ () C:\Windows\Minidump\092114-28048-01.dmp
2014-09-21 15:46 - 2014-09-21 15:29 - 803108864 _____ () C:\Users\Administrator\Desktop\mooom.MPG
2014-09-21 14:14 - 2014-09-21 14:14 - 00003002 _____ () C:\Users\Administrator\Downloads\FSS.txt
2014-09-21 14:13 - 2014-09-21 14:13 - 00415232 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2014-09-21 14:02 - 2014-09-21 14:02 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
2014-09-21 13:59 - 2014-09-21 13:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-09-21 13:53 - 2014-09-21 13:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-21 13:53 - 2014-09-21 13:52 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-21 13:52 - 2014-09-21 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 13:51 - 2014-09-21 13:51 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall(1).exe
2014-09-21 13:41 - 2014-09-21 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-21 13:35 - 2014-09-21 13:35 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
2014-09-20 10:13 - 2014-09-21 13:34 - 00000000 ____D () C:\Program Files\Firefox
2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:54 - 2014-09-23 16:45 - 00010752 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 19:06 - 2014-09-18 19:50 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:35 - 2014-09-18 18:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 18:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:01 - 2014-09-17 22:06 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 19:59 - 2014-09-23 16:45 - 00000000 ____D () C:\FRST
2014-09-17 19:59 - 2014-09-17 20:06 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-23 16:48 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 16:52 - 2014-09-18 19:54 - 00010752 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-23 16:48 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-23 16:45 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-23 16:45 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-23 16:27 - 2012-05-10 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 16:27 - 2012-05-08 15:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 16:27 - 2011-08-30 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 16:10 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 16:10 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 16:05 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 16:02 - 2011-03-28 21:44 - 00149944 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 16:01 - 2011-08-13 18:42 - 00165943 _____ () C:\Windows\setupact.log
2014-09-23 16:01 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-23 16:01 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 16:01 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-23 16:00 - 2011-08-13 18:41 - 00234466 _____ () C:\Windows\PFRO.log
2014-09-23 16:00 - 2009-07-14 10:56 - 00000000 ____D () C:\Windows\CSC
2014-09-22 20:48 - 2011-03-27 20:07 - 01358487 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 20:39 - 2014-09-22 20:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-09-22 20:39 - 2014-09-22 20:39 - 00000000 ____D () C:\RegBackup
2014-09-22 17:00 - 2014-09-22 17:00 - 00003392 ____N () C:\bootsqm.dat
2014-09-22 16:52 - 2014-09-22 16:52 - 00002117 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-22 16:51 - 2014-09-22 16:51 - 09700040 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-21 15:51 - 2014-09-21 15:51 - 00638464 _____ () C:\Windows\Minidump\092114-28048-01.dmp
2014-09-21 15:51 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-21 15:51 - 2011-08-13 19:18 - 180539632 _____ () C:\Windows\MEMORY.DMP
2014-09-21 15:51 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 15:29 - 2014-09-21 15:46 - 803108864 _____ () C:\Users\Administrator\Desktop\mooom.MPG
2014-09-21 14:14 - 2014-09-21 14:14 - 00003002 _____ () C:\Users\Administrator\Downloads\FSS.txt
2014-09-21 14:13 - 2014-09-21 14:13 - 00415232 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2014-09-21 14:02 - 2014-09-21 14:02 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
2014-09-21 13:59 - 2014-09-21 13:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-09-21 13:53 - 2014-09-21 13:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-21 13:53 - 2014-09-21 13:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-21 13:52 - 2014-09-21 13:53 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-21 13:52 - 2014-09-21 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 13:52 - 2011-03-27 23:00 - 00000000 ____D () C:\Program Files\Java
2014-09-21 13:51 - 2014-09-21 13:51 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall(1).exe
2014-09-21 13:35 - 2014-09-21 13:35 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
2014-09-21 13:34 - 2014-09-20 10:13 - 00000000 ____D () C:\Program Files\Firefox
2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:50 - 2014-09-18 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:36 - 2014-09-18 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 22:06 - 2014-09-17 20:01 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:06 - 2014-09-17 19:59 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-23 16:43

==================== End Of Log ============================
         
--- --- ---



No further incidents so far.

24.09.2014, 11:38   #10
schrauber
/// the machine
/// TB trainer
 




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here.

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here.
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

25.09.2014, 19:50   #11
sundaytrain
 



Everything's fine, wonderful!
Again, a thousand thanks for the rapid support.

26.09.2014, 13:20   #12
schrauber
/// the machine
/// TB trainer
 




You're welcome
__________________
Regards,
schrauber

