Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
PUP.PSWTOOL.ProduktKey

PUP.PSWTOOL.ProduktKey


Log-Analyse und Auswertung: PUP.PSWTOOL.ProduktKey

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 1 von 2 1 2
Alt 05.10.2014, 10:23   #1
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Hallo,
ich hoffe auf eure Hilfe und bedanke mich schon mal im voraus für euren Einsatz.
Ich habe das Malewarebytes Program laufen lassen und er hat promt was in Quarantäne verschoben. Meine Frage ist, kann ich die alle problemlos löschen ohne das mein PC irgendwelche Nebenwirkungen bekommt und sind die dann auch ganz vom PC verschwunden oder muß ich noch was zusätzlich machen. Hier ist das was Maleware fand.

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.10.2014
Suchlauf-Zeit: 08:35:07
Logdatei: Malewarebytes.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.05.02
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS


Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 5
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccleaner.exe, In Quarantäne, [6223ca25c7b486b077c9982aa85bd927],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [ee9713dcb0cb69cddf0cc35a44bf9070],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [bfc65f901665cd698cb7c9558e75c040],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1561620852-2818437426-4211308335-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [c0c5ac439ae138fe5c241a45dc2809f7],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1561620852-2818437426-4211308335-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [b2d34aa5bdbee056c67c0d11bd46ab55],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 7
PUP.Optional.OpenCandy, C:\Users\Koegel\AppData\Roaming\OpenCandy, In Quarantäne, [691c519e562555e139b2687923dfc838],
PUP.Optional.OpenCandy, C:\Users\Koegel\AppData\Roaming\OpenCandy\B12E3A289D7B4261BA2C40A97BE6E63A, In Quarantäne, [691c519e562555e139b2687923dfc838],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\de, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.SystemSpeedup, C:\Users\Koegel\AppData\Roaming\systweak\ssd, In Quarantäne, [493c599659224fe7d0cd4eacc1414fb1],

Dateien: 38
PUP.Optional.OpenCandy.A, C:\Users\Koegel\AppData\Roaming\OpenCandy\B12E3A289D7B4261BA2C40A97BE6E63A\Setupsft_chr_p1v7.exe, In Quarantäne, [e5a0925d0e6d4ee8b69d687fc44003fd],
PUP.PSWTool.ProductKey, C:\Users\Koegel\Downloads\produkey-1.66.zip, In Quarantäne, [84010ae52f4c8da9dceaff685aa6a45c],
PUP.Optional.Koyote.A, C:\Users\Koegel\Downloads\FreeMp3WmaConverterSetup-r0-n-bf.exe, In Quarantäne, [f095658ad4a70630198cce846f92b050],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_06-12-2014.log, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\RCPscanlog.xml, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\rcpupdate.ini, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.RegCleanerPro.A, C:\Users\Koegel\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [f78ebe31017a73c33e29edf5ca38718f],
PUP.Optional.SystemSpeedup, C:\Users\Koegel\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantäne, [493c599659224fe7d0cd4eacc1414fb1],
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false), Ersetzt,[ee97856a2d4e74c295a155f2df26d42c]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.aflt", "OC"), Ersetzt,[93f2539cb6c5c96dfa3c3e099d68bf41]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"), Ersetzt,[592c3ab5443771c539fd182ff90cb749]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.autoRvrt", "false"), Ersetzt,[2a5bce21413a1a1cd56191b6b5508d73]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltLng", "de"), Ersetzt,[b9cc539cc6b5aa8c36003b0c19ec19e7]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltSrch", true), Ersetzt,[c5c0757ae497cd69a393252258ad10f0]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dnsErr", true), Ersetzt,[3550747b5c1fa690ec4ae7609f664ab6]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.excTlbr", false), Ersetzt,[7213bd321a6152e446f0d770887dd52b]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.ffxUnstlRst", false), Ersetzt,[95f089667efd1a1cb383a7a07d88e917]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpg", true), Ersetzt,[7411717e8eede55185b1af989a6bcb35]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=e0efec4f0000000000000014856d7514"), Ersetzt,[f68f37b8d6a5b185b383a3a4e12452ae]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.id", "e0efec4f0000000000000014856d7514"), Ersetzt,[89fcaa456417ce68f64054f3d72ed927]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlDay", "16043"), Ersetzt,[a5e0faf5aad11422290d4cfb60a5ad53]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlRef", "MOY00621"), Ersetzt,[d0b5628d02792e080d2902457c898779]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTab", true), Ersetzt,[2d580ce3611a1a1c6bcb7bccec1950b0]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=e0efec4f0000000000000014856d7514"), Ersetzt,[9aebab4498e3a29472c430179a6b6799]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prdct", "Softonic"), Ersetzt,[077ec52ae992a98dcc6a88bf986db050]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prtnrId", "softonic"), Ersetzt,[c0c537b8126980b68fa7d37426dfd12f]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.rvrt", "false"), Ersetzt,[bcc9f3fcb3c8d06661d51d2a56af32ce]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.smplGrp", "none"), Ersetzt,[c9bcc926dc9f7abc80b683c41ee7966a]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"), Ersetzt,[85006b841665f73ff93d291e2bdaba46]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrId", "opencandy2013"), Ersetzt,[2164bd325d1eb284da5cfe4964a103fd]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=e0efec4f0000000000000014856d7514&q="), Ersetzt,[572e3fb0fa81d85e66d0d5721aeb1ae6]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsn", "1.8.21.14"), Ersetzt,[e99c37b85b20d6606bcb4403a56030d0]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsnTs", "1.8.21.1416:38:07"), Ersetzt,[92f3a34c007bbc7a78be50f73bca728e]
PUP.Optional.Softonic.A, C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsni", "1.8.21.14"), Ersetzt,[d6af7778c9b25fd71a1cfa4da0658a76]

Physische Sektoren: 0
(No malicious items detected)


(end)

Alt 05.10.2014, 10:37   #2
schrauber
/// the machine
/// TB-Ausbilder
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 05.10.2014, 12:42   #3
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Sorry das ich dir erst jetzt antworte,
muss auch noch dazu sagen, das mein PC ganz normal läuft und ich nur mal so das Malewarebytes habe laufen lassen. Vielleicht liegt`s am Adblock Plus das nichts schlimmeres passierte,oder sind das "Zecken" die mich nur auf andere Webseiten lenken wollten?

Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-09] (Microsoft Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\express.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nvstlink.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nvstview.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = News - Service - Shopping bei t-online.de
SearchScopes: HKCU - DefaultScope {C6CBAD42-930C-4027-99A8-E54866EFB65F} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=e0efec4f0000000000000014856d7514&r=359
SearchScopes: HKCU - {C6CBAD42-930C-4027-99A8-E54866EFB65F} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=e0efec4f0000000000000014856d7514&r=359
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: freenet.de - E-Mail, Singles, Nachrichten & Services
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\user.js
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\de_DE@dicts.j3e.de [2014-09-18]
FF Extension: YouTube Unblocker - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\youtubeunblocker@unblocker.yt [2014-04-05]
FF Extension: Garmin Communicator - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-08-10]
FF Extension: WOT - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Click to Play per-element - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2013-11-18]
FF Extension: Ghostery - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\firefox@ghostery.com.xpi [2014-04-27]
FF Extension: Flagfox - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-08-27]
FF Extension: ImTranslator - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-04-05]
FF Extension: Adblock Plus - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-08]
FF Extension: BetterPrivacy - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-27]
FF Extension: QuickJava - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefi xUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Docs) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (YouTube) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google-Suche) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (RealDownloader) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Google Mail) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-05] (AVAST Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 13:14 - 2014-10-05 13:15 - 00014423 _____ () C:\Users\Koegel\Downloads\FRST.txt
2014-10-05 13:14 - 2014-10-05 13:14 - 00000000 ____D () C:\FRST
2014-10-05 13:12 - 2014-10-05 13:13 - 01100800 _____ (Farbar) C:\Users\Koegel\Downloads\FRST.exe
2014-10-05 10:15 - 2014-10-05 10:15 - 00011011 _____ () C:\Malewarebytes.txt
2014-10-05 08:26 - 2014-10-05 08:26 - 00001024 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-05 08:26 - 2014-10-05 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-05 08:25 - 2014-10-05 08:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-10-05 08:21 - 2014-10-05 08:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Koegel\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-04 19:57 - 2014-10-04 19:57 - 00014816 _____ () C:\Users\Koegel\Documents\Strom sparen am pc.odt
2014-10-04 16:47 - 2014-10-04 16:47 - 00115288 _____ () C:\Users\Koegel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-04 09:10 - 2014-10-05 12:27 - 00007018 _____ () C:\Windows\PFRO.log
2014-10-04 09:10 - 2014-10-05 12:27 - 00000280 _____ () C:\Windows\setupact.log
2014-10-04 09:10 - 2014-10-04 09:10 - 00436552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-04 09:10 - 2014-10-04 09:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 08:58 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-28 13:28 - 2014-09-28 13:28 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CdCoverCreator
2014-09-28 13:27 - 2014-09-28 13:27 - 02831657 _____ () C:\Users\Koegel\Downloads\CdCoverCreator-Setup-2.5.3_CB-DL-Manager [1].exe
2014-09-28 13:25 - 2014-09-28 13:25 - 00816064 _____ ( ) C:\Users\Koegel\Downloads\CdCoverCreator-Setup-2.5.3_CB-DL-Manager.exe
2014-09-28 07:49 - 2014-09-28 07:58 - 00185719 _____ () C:\Users\Koegel\Desktop\Test Cover.cedprj
2014-09-27 22:00 - 2014-09-27 22:00 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Ashampoo Cover Studio
2014-09-27 21:59 - 2014-09-27 21:59 - 00001152 _____ () C:\Users\Public\Desktop\Ashampoo Cover Studio.lnk
2014-09-27 21:47 - 2014-09-27 21:47 - 17091736 _____ (ashampoo GmbH & Co. KG ) C:\Users\Koegel\Downloads\ashampoo_cover_studio_101_5870.exe
2014-09-27 20:07 - 2014-09-27 20:08 - 00000000 ____D () C:\Users\Koegel\Documents\für R
2014-09-24 16:59 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 10:59 - 2014-09-21 11:00 - 01508995 _____ () C:\Users\Koegel\Downloads\LAME3.99.5.zip
2014-09-21 10:03 - 2014-10-03 17:09 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\MusicBee
2014-09-21 10:01 - 2014-09-21 10:02 - 00000000 ____D () C:\Program Files\MusicBee
2014-09-21 10:01 - 2014-09-21 10:01 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-09-21 10:00 - 2014-09-21 10:00 - 15526961 _____ () C:\Users\Koegel\Downloads\MusicBeeSetup_2_4_CB-DL-Manager [1].exe
2014-09-21 09:58 - 2014-09-21 09:58 - 00816064 _____ ( ) C:\Users\Koegel\Downloads\MusicBeeSetup_2_4_CB-DL-Manager.exe
2014-09-14 19:06 - 2014-09-21 10:02 - 00000929 _____ () C:\Users\Koegel\Desktop\MusicBee.lnk
2014-09-14 19:05 - 2014-09-14 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-09-13 08:47 - 2014-09-13 08:47 - 00011863 _____ () C:\Users\Koegel\Documents\Einstellungen von Firefox und Apps.odt
2014-09-11 13:48 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 13:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 13:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 13:48 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 13:48 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 13:48 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 13:48 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 13:48 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 13:48 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 13:48 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 13:48 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 13:48 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 13:48 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 13:48 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 13:48 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 13:48 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 13:48 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 13:48 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 13:48 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 13:48 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 13:48 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 13:48 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 13:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 13:48 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 13:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 13:48 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 13:48 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 13:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 13:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 13:48 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 13:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 13:24 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 13:24 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 13:24 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 13:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 13:21 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 13:21 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-07 18:32 - 2014-09-07 18:32 - 01101648 _____ () C:\Users\Koegel\Downloads\Firefox - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 13:06 - 2013-11-07 19:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 13:03 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 13:03 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 12:32 - 2013-11-07 11:33 - 02004287 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 12:27 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 09:31 - 2014-06-12 20:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 09:20 - 2014-06-12 15:56 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\systweak
2014-10-03 16:41 - 2014-08-26 07:10 - 00000000 ____D () C:\Users\Koegel\AppData\Local\Windows Live
2014-09-28 06:17 - 2013-11-07 18:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 21:59 - 2014-02-19 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-09-27 21:59 - 2014-02-19 13:43 - 00000000 ____D () C:\Program Files\Ashampoo
2014-09-27 20:09 - 2013-12-22 19:32 - 00023040 _____ () C:\Users\Koegel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-27 18:01 - 2014-05-10 11:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 10:33 - 2014-07-09 11:57 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\MediaMonkey
2014-09-26 13:19 - 2013-11-07 11:42 - 01618600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 17:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-22 21:16 - 2013-12-14 14:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2009-10-14 04:21 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 18:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 15:51 - 2014-07-22 08:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-11 18:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 13:51 - 2013-11-07 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 13:47 - 2013-11-08 21:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 13:40 - 2009-10-14 04:21 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 13:39 - 2014-05-06 07:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 19:08 - 2013-11-07 19:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 19:08 - 2013-11-07 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-07 21:57 - 2013-11-07 18:43 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-10-2014 01
Ran by KOEGEL at 2014-10-05 13:16:51
Running from C:\Users\Koegel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Cover Studio 1.01 (HKLM\...\Ashampoo Cover Studio_is1) (Version: 1.0.1 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 11 (HKLM\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.1.6 - Ashampoo GmbH & Co. KG)
avast! Internet Security (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Lab Inc.)
Free MP4 Video Converter version 5.0.46.820 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Garmin MapInstall (HKLM\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
Java 8 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (Version: 2.8.20.26 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\MPEG4E) (Version: - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MusicBee 2.4 (HKLM\...\MusicBee) (Version: 2.4 - Steven Mayall)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
paint.net 4.0 Pre-Release (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C3289}) (Version: 4.0.0 - dotPDN LLC)
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SIW 2013 Home Edition (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.05.14 - Topala Software Solutions)
SurfMusik 3.1 (HKLM\...\SurfMusik 3.1_is1) (Version: 3.1 - Marcus Schmitt)
SurfMusik 3.1a (HKLM\...\SurfMusik 3.1a_is1) (Version: 3.1a - Marcus Schmitt)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 0.9.4 (HKLM\...\VLC media player) (Version: 0.9.4 - VideoLAN Team)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1561620852-2818437426-4211308335-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Koegel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1561620852-2818437426-4211308335-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Koegel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1561620852-2818437426-4211308335-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Koegel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1561620852-2818437426-4211308335-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Koegel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

01-10-2014 06:58:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03D313D3-2E84-45D7-947D-4CBD02560BEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {437F9675-AB7C-4CC5-A702-A624CC506376} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {529380DD-1309-4F19-AF03-325778B75D17} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1561620852-2818437426-4211308335-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {5E33E131-59DC-4988-8BF7-79FB1F80DA2F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1561620852-2818437426-4211308335-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {77BB507F-ED6D-40BA-BBBC-8CE1FB423347} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-30] (Oracle Corporation)
Task: {89B71518-50A6-4AE2-BC5F-562C34C5153E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1561620852-2818437426-4211308335-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {971E3A99-36A6-451D-B435-8906B75A796F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ACEBB14A-0F82-405B-B696-AA3582C07403} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1561620852-2818437426-4211308335-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {BCE62E25-CA88-4CB7-98EA-B3E221B9DCB1} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\Update\realsched.exe
Task: {D47C7638-8AFC-4D3C-927F-BF473AD664EB} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {D6FEC2F8-32BA-4229-87F6-6E4CDB7824EF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1561620852-2818437426-4211308335-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E3FABCD1-ACC3-4D19-9340-B855212FF749} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {F9A4541A-30B8-49E0-B6C1-B84AB63C6A62} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-05] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-09 07:14 - 2013-12-19 20:37 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-05 16:35 - 2014-07-05 16:35 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-05 07:48 - 2014-10-05 07:48 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100401\algo.dll
2014-10-05 12:29 - 2014-10-05 12:29 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100500\algo.dll
2014-07-05 16:35 - 2014-07-05 16:35 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-05-10 11:08 - 2014-09-27 18:01 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Koegel\Downloads\tune up Referenz-Nr_49073605_Zahlungsi_nformationen_f_r_Produkte_von_AV_G_Ecommerce_CY_Ltd.eml:OECustomProperty
AlternateDataStreams: C:\Users\Koegel\Downloads\WG_Kleine_Freunde.eml:OECustomProperty
AlternateDataStreams: C:\Users\Koegel\Documents\Janitos Rechnungsformular.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Koegel\Documents\Janitos Rechnungsformular.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Koegel\Documents\Rechn. für. Prof. Zahnr..jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Koegel\Documents\Rechn. für. Prof. Zahnr..jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

========================= Accounts: ==========================



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2014 06:48:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm winamp.exe, Version 5.6.6.3516 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ec

Startzeit: 01cfdad6f8750bd2

Endzeit: 63

Anwendungspfad: C:\Program Files\Winamp\winamp.exe

Berichts-ID: a0850a75-46ca-11e4-adc9-0014856d7514

Error: (09/01/2014 06:30:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm MediaMonkey (non-skinned).exe, Version 4.1.4.1709 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ee8

Startzeit: 01cfc5f0ae8bea56

Endzeit: 470

Anwendungspfad: C:\Program Files\MediaMonkey\MediaMonkey (non-skinned).exe

Berichts-ID: a3314e3b-31f4-11e4-a4a9-0014856d7514

Error: (09/01/2014 06:09:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneClick.exe, Version: 14.0.1000.340, Zeitstempel: 0x53c63659
Name des fehlerhaften Moduls: ntrtl60.bpl, Version: 0.0.0.0, Zeitstempel: 0x53c63614
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002c020
ID des fehlerhaften Prozesses: 0xc20
Startzeit der fehlerhaften Anwendung: 0xOneClick.exe0
Pfad der fehlerhaften Anwendung: OneClick.exe1
Pfad des fehlerhaften Moduls: OneClick.exe2
Berichtskennung: OneClick.exe3

Error: (08/26/2014 07:10:28 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {2cbf20a5-cec2-49f3-b385-4445878dc675}

Error: (08/25/2014 06:06:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [1813]

Error: (08/24/2014 10:37:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm VideoConverter.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11b8

Startzeit: 01cfbf75ce4f5bd1

Endzeit: 325

Anwendungspfad: C:\Program Files\Free Video Converter\VideoConverter.exe

Berichts-ID: e4c80660-2b69-11e4-85fc-0014856d7514

Error: (08/24/2014 10:30:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm VideoConverter.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16d8

Startzeit: 01cfbf725c5cb086

Endzeit: 253

Anwendungspfad: C:\Program Files\Free Video Converter\VideoConverter.exe

Berichts-ID: dc48b38f-2b68-11e4-85fc-0014856d7514

Error: (08/23/2014 07:53:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm apc.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c98

Startzeit: 01cfbefa5f2dc6cf

Endzeit: 149

Anwendungspfad: C:\Program Files\Ashampoo\Ashampoo Photo Commander 11\apc.exe

Berichts-ID: 4a67c62d-2aee-11e4-b7d4-0014856d7514

Error: (08/23/2014 07:33:28 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (08/21/2014 03:47:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3d4

Startzeit: 01cfbd462608fdca

Endzeit: 59312

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 8d010479-2939-11e4-bd78-0014856d7514


System errors:
=============
Error: (10/05/2014 09:22:49 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/05/2014 07:47:36 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/03/2014 04:40:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (10/03/2014 04:40:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.

Error: (10/03/2014 04:40:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (10/01/2014 02:02:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎10.‎2014 um 13:58:05 unerwartet heruntergefahren.

Error: (09/30/2014 05:47:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (09/30/2014 08:25:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.

Error: (09/29/2014 05:39:59 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (09/29/2014 05:39:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 3.20GHz
Percentage of memory in use: 62%
Total physical RAM: 1535.55 MB
Available physical RAM: 581.03 MB
Total Pagefile: 3071.11 MB
Available Pagefile: 1821.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.21 GB) (Free:146.12 GB) NTFS
Drive j: (My Book) (Fixed) (Total:931.28 GB) (Free:651.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
__________________
Alt 06.10.2014, 11:00   #4
schrauber
/// the machine
/// TB-Ausbilder
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.



MBAM updaten, suchen lassen, alles in Quarantäne stecken.



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.10.2014, 17:48   #5
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Hallo nochmal,
sorry habe das Code Symbol nur zum Schluß gesetzt :-). In der Zwischenzeit habe ich den AdwCleaner runter geladen und laufen lassen. Danach habe ich nochmal anti Maleware auch laufen lassen und der hat nichts mehr gefunden. Danach habe ich den Junkware Removal Tool laufen lassen und da kam das heraus
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by K. on 06.10.2014 at 16:48:11,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C6CBAD42-930C-4027-99A8-E54866EFB65F}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ FireFox

Successfully deleted the following from C:\Users\Koegel\AppData\Roaming\mozilla\firefox\profiles\9jmiqo3h.default\prefs.js

user_pref("browser.search.useDBForOrder", true);
Emptied folder: C:\Users\Koegel\AppData\Roaming\mozilla\firefox\profiles\9jmiqo3h.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.10.2014 at 16:56:12,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hier noch ein frisches FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by K. (administrator) on KOEGEL-PC on 06-10-2014 18:38:30
Running from C:\Users\Koegel\Downloads
Loaded Profile: Kathrin (Available profiles: K.)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-09] (Microsoft Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\express.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nvstlink.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nvstview.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: www.freenet.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\de_DE@dicts.j3e.de [2014-09-18]
FF Extension: YouTube Unblocker - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\youtubeunblocker@unblocker.yt [2014-04-05]
FF Extension: Garmin Communicator - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-08-10]
FF Extension: WOT - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Click to Play per-element - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2013-11-18]
FF Extension: Ghostery - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\firefox@ghostery.com.xpi [2014-04-27]
FF Extension: Flagfox - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-08-27]
FF Extension: ImTranslator - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-04-05]
FF Extension: Adblock Plus - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-08]
FF Extension: BetterPrivacy - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-27]
FF Extension: QuickJava - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HomePage: Default -> 
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Docs) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (YouTube) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google-Suche) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (RealDownloader) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Google Mail) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-05] (AVAST Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-06] (Malwarebytes Corporation)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 18:36 - 2014-10-06 18:36 - 00000000 ____D () C:\Users\Koegel\Downloads\FRST-OlderVersion
2014-10-06 16:56 - 2014-10-06 16:56 - 00001496 _____ () C:\Users\Koegel\Desktop\JRT.txt
2014-10-06 16:48 - 2014-10-06 16:48 - 00000000 ____D () C:\Windows\ERUNT
2014-10-06 16:47 - 2014-10-06 16:47 - 01705141 _____ (Thisisu) C:\Users\Koegel\Downloads\JRT-631.exe
2014-10-06 15:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-10-06 15:11 - 2014-10-06 15:44 - 00000000 ____D () C:\AdwCleaner
2014-10-06 15:10 - 2014-10-06 15:10 - 01375089 _____ () C:\Users\Koegel\Downloads\adwcleaner_3.311.exe
2014-10-05 13:16 - 2014-10-05 13:19 - 00028273 _____ () C:\Users\Koegel\Downloads\FRST-Addition.txt
2014-10-05 13:14 - 2014-10-06 18:38 - 00014064 _____ () C:\Users\Koegel\Downloads\FRST.txt
2014-10-05 13:14 - 2014-10-06 18:38 - 00000000 ____D () C:\FRST
2014-10-05 13:12 - 2014-10-06 18:36 - 01101312 _____ (Farbar) C:\Users\Koegel\Downloads\FRST.exe
2014-10-05 10:15 - 2014-10-05 10:15 - 00011011 _____ () C:\Malewarebytes.txt
2014-10-05 08:26 - 2014-10-05 08:26 - 00001024 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-05 08:26 - 2014-10-05 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-05 08:25 - 2014-10-05 08:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-05 08:21 - 2014-10-05 08:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Koegel\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-04 19:57 - 2014-10-04 19:57 - 00014816 _____ () C:\Users\Koegel\Documents\Strom sparen am pc.odt
2014-10-04 16:47 - 2014-10-04 16:47 - 00115288 _____ () C:\Users\Koegel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-04 09:10 - 2014-10-06 15:46 - 00007332 _____ () C:\Windows\PFRO.log
2014-10-04 09:10 - 2014-10-06 15:46 - 00000504 _____ () C:\Windows\setupact.log
2014-10-04 09:10 - 2014-10-04 09:10 - 00436552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-04 09:10 - 2014-10-04 09:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 08:58 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-28 13:28 - 2014-09-28 13:28 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CdCoverCreator
2014-09-28 13:27 - 2014-09-28 13:27 - 02831657 _____ () C:\Users\Koegel\Downloads\CdCoverCreator-Setup-2.5.3_CB-DL-Manager [1].exe
2014-09-28 13:25 - 2014-09-28 13:25 - 00816064 _____ ( ) C:\Users\Koegel\Downloads\CdCoverCreator-Setup-2.5.3_CB-DL-Manager.exe
2014-09-28 07:49 - 2014-09-28 07:58 - 00185719 _____ () C:\Users\Koegel\Desktop\Test Cover.cedprj
2014-09-27 22:00 - 2014-09-27 22:00 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Ashampoo Cover Studio
2014-09-27 21:59 - 2014-09-27 21:59 - 00001152 _____ () C:\Users\Public\Desktop\Ashampoo Cover Studio.lnk
2014-09-27 21:47 - 2014-09-27 21:47 - 17091736 _____ (ashampoo GmbH & Co. KG ) C:\Users\Koegel\Downloads\ashampoo_cover_studio_101_5870.exe
2014-09-27 20:07 - 2014-09-27 20:08 - 00000000 ____D () C:\Users\Koegel\Documents\für R
2014-09-24 16:59 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 10:59 - 2014-09-21 11:00 - 01508995 _____ () C:\Users\Koegel\Downloads\LAME3.99.5.zip
2014-09-21 10:03 - 2014-10-03 17:09 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\MusicBee
2014-09-21 10:01 - 2014-09-21 10:02 - 00000000 ____D () C:\Program Files\MusicBee
2014-09-21 10:01 - 2014-09-21 10:01 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-09-21 10:00 - 2014-09-21 10:00 - 15526961 _____ () C:\Users\Koegel\Downloads\MusicBeeSetup_2_4_CB-DL-Manager [1].exe
2014-09-21 09:58 - 2014-09-21 09:58 - 00816064 _____ ( ) C:\Users\Koegel\Downloads\MusicBeeSetup_2_4_CB-DL-Manager.exe
2014-09-14 19:06 - 2014-09-21 10:02 - 00000929 _____ () C:\Users\Koegel\Desktop\MusicBee.lnk
2014-09-14 19:05 - 2014-09-14 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-09-13 08:47 - 2014-09-13 08:47 - 00011863 _____ () C:\Users\Koegel\Documents\Einstellungen von Firefox und Apps.odt
2014-09-11 13:48 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 13:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 13:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 13:48 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 13:48 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 13:48 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 13:48 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 13:48 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 13:48 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 13:48 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 13:48 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 13:48 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 13:48 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 13:48 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 13:48 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 13:48 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 13:48 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 13:48 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 13:48 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 13:48 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 13:48 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 13:48 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 13:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 13:48 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 13:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 13:48 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 13:48 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 13:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 13:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 13:48 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 13:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 13:24 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 13:24 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 13:24 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 13:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 13:21 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 13:21 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-07 18:32 - 2014-09-07 18:32 - 01101648 _____ () C:\Users\Koegel\Downloads\Firefox - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 18:06 - 2013-11-07 19:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 17:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-06 16:30 - 2013-11-07 11:33 - 02045763 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 15:55 - 2014-06-12 20:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 15:52 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 15:52 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 15:47 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 16:41 - 2014-08-26 07:10 - 00000000 ____D () C:\Users\Koegel\AppData\Local\Windows Live
2014-09-28 06:17 - 2013-11-07 18:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 21:59 - 2014-02-19 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-09-27 21:59 - 2014-02-19 13:43 - 00000000 ____D () C:\Program Files\Ashampoo
2014-09-27 20:09 - 2013-12-22 19:32 - 00023040 _____ () C:\Users\Koegel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-27 18:01 - 2014-05-10 11:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 10:33 - 2014-07-09 11:57 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\MediaMonkey
2014-09-26 13:19 - 2013-11-07 11:42 - 01618600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 17:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-22 21:16 - 2013-12-14 14:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2009-10-14 04:21 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 15:51 - 2014-07-22 08:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-11 18:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 13:51 - 2013-11-07 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 13:47 - 2013-11-08 21:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 13:40 - 2009-10-14 04:21 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 13:39 - 2014-05-06 07:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 19:08 - 2013-11-07 19:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 19:08 - 2013-11-07 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-07 21:57 - 2013-11-07 18:43 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Some content of TEMP:
====================
C:\Users\Koegel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 17:25

==================== End Of Log ============================
--- --- ---

Die FRST von gestern habe ich jetzt nicht mehr rein
L.G.


Alt 07.10.2014, 13:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> PUP.PSWTOOL.ProduktKey

Alt 08.10.2014, 05:41   #7
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Hi,
hier der scan hintereinander Eset online scaner (dauerte gute 6 Std.deshalb kam gestern nichts mehr von mir :-) ) Sec. Check, und FRST

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ac5596c2a273dc49b4a2c8ad15517a49
# engine=20484
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-07 11:27:39
# local_time=2014-10-08 01:27:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 97 1841112 27243709 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 30593 164355650 0 0
# scanned=162306
# found=28
# cleaned=0
# scan_time=28196
sh=4920499AC2B7FC459D45BBAB806A2F75FF4BC25E ft=1 fh=92bccc7991282d5b vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=9323FF10E7ED5206E56A37780F16063273D61BC9 ft=1 fh=6c480ac86f85e664 vn="Win32/Keygen.HB potenziell unsichere Anwendung" ac=I fn="C:\OFFICE2007\MICROSOFT OFFICE 2007 ENTERPRISE KEYGEN\KEYGEN.EXE"
sh=05740E2506725415B1D71D294E9F5ED6B648C6F0 ft=1 fh=d3eb61b81cae9614 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Free mp3 Wma Converter\Helper.dll"
sh=9ABC8223C56064FFDD85E6B10D1C60B2AACCB960 ft=1 fh=e50b7e6d3fcfaa0b vn="Win32/DriverGenius.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koegel\Desktop\Driver Genius Professional.v12.0.0.1211\Crack\DriverGenius.exe"
sh=D248A74F82866769422ABC50D14F0FB0DA4CDDAC ft=1 fh=43638034d6e59912 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koegel\Downloads\Audacity - CHIP-Downloader.exe"
sh=69980026F685529DA9783D131602D6C5D9D3C38A ft=1 fh=7dcb11e9e8e81b04 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koegel\Downloads\CdCoverCreator-Setup-2.5.3_CB-DL-Manager.exe"
sh=C43BD082C82404E873AB989C15A267C2EA1A56AA ft=1 fh=1537f3085148b08f vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Koegel\Downloads\FreeMP4VideoConverter5.0.46.820.exe"
sh=0C2D25DA4C7D3F9E2880D91D89882467A533D9FD ft=1 fh=7dcb11e9ae43d103 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koegel\Downloads\MusicBeeSetup_2_4_CB-DL-Manager.exe"
sh=F7511D8F7E2D032A517A400EEA63374798FF4BB0 ft=1 fh=ec17a1732fd24011 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Koegel\Downloads\rcsetup149.exe"
sh=8BE4C277A62F2400C3B0A20F39297D310774E2AC ft=1 fh=d69c639933d87dfe vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Koegel\Downloads\Setup_FreeConverter_2.1.exe"
sh=5370F1DF889F220A7EE55C6BC9031DF0AC3EAF99 ft=1 fh=dac1a9482b9a423d vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Koegel\Downloads\siw13-setup.exe"
sh=33C7CCD8ED9755E948A0A8672F5E63D2DA53812A ft=1 fh=18e35cc75da59869 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="J:\1000GB USB\SoftonicDownloader_fuer_orbit-downloader.exe"
sh=378B7C36B5CA3CD191446F823C45F633D4B4C564 ft=1 fh=4bbb3fb99b1307a2 vn="Variante von Win32/Toolbar.SearchSuite.L evtl. unerwünschte Anwendung" ac=I fn="J:\iMesh Applications\iMesh\Uninstall.exe"
sh=D4E4B245BC65C20A517C312BE298043DF502FBC3 ft=1 fh=deda419c5d6c204e vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="J:\iMesh Applications\iMesh\Helper.dll"
sh=22BCFAD4BD3331CD60E886A8BCE95A6881376C68 ft=0 fh=0000000000000000 vn="Win32/Keygen.HB potenziell unsichere Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-07-15 175100\Backup Files 2014-07-15 175100\Backup files 1.zip"
sh=CCF15CA1B19F750E3B36711B7E1186E12285B0C2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-07-15 175100\Backup Files 2014-07-15 175100\Backup files 4.zip"
sh=B7044DD99391BBE4AB78BDB7C3075257A6185F5E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-07-15 175100\Backup Files 2014-07-15 175100\Backup files 13.zip"
sh=EDFD399D5C34D6729AF82B95E792A3D637AF7592 ft=0 fh=0000000000000000 vn="Win32/DriverGenius.A evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-07-15 175100\Backup Files 2014-07-15 175100\Backup files 14.zip"
sh=D52809EC76CD9C16EFD267DB145427C8DCFF9E3B ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-07-15 175100\Backup Files 2014-07-15 175100\Backup files 15.zip"
sh=BB0EBF02A9D202EC567A64CA6B019C7ED634C970 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-07-15 175100\Backup Files 2014-07-15 175100\Backup files 16.zip"
sh=CE7B129A194DDC2A160DC2910D307D7C8A1641AD ft=0 fh=0000000000000000 vn="Variante von Win32/PSWTool.ProductKey potenziell unsichere Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-07-15 175100\Backup Files 2014-07-15 175100\Backup files 56.zip"
sh=12591B603C60D0BF4EF913C890B5645DA1561AF1 ft=0 fh=0000000000000000 vn="Win32/Keygen.HB potenziell unsichere Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-09-15 182718\Backup Files 2014-09-15 182718\Backup files 1.zip"
sh=BD3FB094221E1EEC5FA6832764C2002330ECA96F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-09-15 182718\Backup Files 2014-09-15 182718\Backup files 3.zip"
sh=1FCDFDC96E26C0C667CB0837411EF3EC7344A909 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-09-15 182718\Backup Files 2014-09-15 182718\Backup files 12.zip"
sh=7A4A9D0EE68EB3C3647C6E973014135374D9C092 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-09-15 182718\Backup Files 2014-09-15 182718\Backup files 13.zip"
sh=57B6F8827157ADD15317F19B6674375522E4A5A8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-09-15 182718\Backup Files 2014-09-15 182718\Backup files 14.zip"
sh=615BE73C6220BC0E5F2C419606E873692C684527 ft=0 fh=0000000000000000 vn="Variante von Win32/PSWTool.ProductKey potenziell unsichere Anwendung" ac=I fn="J:\KOEGEL-PC\Backup Set 2014-09-15 182718\Backup Files 2014-09-15 182718\Backup files 56.zip"
sh=9323FF10E7ED5206E56A37780F16063273D61BC9 ft=1 fh=6c480ac86f85e664 vn="Win32/Keygen.HB potenziell unsichere Anwendung" ac=I fn="J:\Microsoft Office Key\MICROSOFT OFFICE 2007 ENTERPRISE KEYGEN\KEYGEN.EXE"
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Java 8 Update 11  
 Java 8 Update 20  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by  (administrator) on KOEGEL-PC on 08-10-2014 06:22:59
Running from C:\Users\Koegel\Downloads
Loaded Profile:  (Available profiles: )
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-09] (Microsoft Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\express.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nvstlink.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nvstview.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = News - Service - Shopping bei t-online.de
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: freenet.de - E-Mail, Singles, Nachrichten & Services
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\de_DE@dicts.j3e.de [2014-09-18]
FF Extension: YouTube Unblocker - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\youtubeunblocker@unblocker.yt [2014-04-05]
FF Extension: Garmin Communicator - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-08-10]
FF Extension: WOT - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Click to Play per-element - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2013-11-18]
FF Extension: Ghostery - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\firefox@ghostery.com.xpi [2014-04-27]
FF Extension: Flagfox - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-08-27]
FF Extension: NoScript - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-06]
FF Extension: ImTranslator - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-04-05]
FF Extension: Adblock Plus - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-08]
FF Extension: BetterPrivacy - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-27]
FF Extension: QuickJava - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Koegel\AppData\Roaming\Mozilla\Firefox\Profiles\9jmiqo3h.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HomePage: Default -> 
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Docs) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (YouTube) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google-Suche) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (RealDownloader) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Google Mail) - C:\Users\Koegel\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-05] (AVAST Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-05] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-07-05] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 06:09 - 2014-10-08 06:09 - 00854417 _____ () C:\Users\Koegel\Downloads\SecurityCheck.exe
2014-10-07 17:25 - 2014-10-07 17:25 - 02347384 _____ (ESET) C:\Users\Koegel\Downloads\esetsmartinstaller_deu.exe
2014-10-06 18:36 - 2014-10-06 18:36 - 00000000 ____D () C:\Users\Koegel\Downloads\FRST-OlderVersion
2014-10-06 16:56 - 2014-10-06 16:56 - 00001496 _____ () C:\Users\Koegel\Desktop\JRT.txt
2014-10-06 16:48 - 2014-10-06 16:48 - 00000000 ____D () C:\Windows\ERUNT
2014-10-06 16:47 - 2014-10-06 16:47 - 01705141 _____ (Thisisu) C:\Users\Koegel\Downloads\JRT-631.exe
2014-10-06 15:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-10-06 15:11 - 2014-10-06 15:44 - 00000000 ____D () C:\AdwCleaner
2014-10-06 15:10 - 2014-10-06 15:10 - 01375089 _____ () C:\Users\Koegel\Downloads\adwcleaner_3.311.exe
2014-10-05 13:16 - 2014-10-05 13:19 - 00028273 _____ () C:\Users\Koegel\Downloads\FRST-Addition.txt
2014-10-05 13:14 - 2014-10-08 06:23 - 00000000 ____D () C:\FRST
2014-10-05 13:14 - 2014-10-08 06:22 - 00014131 _____ () C:\Users\Koegel\Downloads\FRST.txt
2014-10-05 13:12 - 2014-10-06 18:36 - 01101312 _____ (Farbar) C:\Users\Koegel\Downloads\FRST.exe
2014-10-05 10:15 - 2014-10-05 10:15 - 00011011 _____ () C:\Malewarebytes.txt
2014-10-05 08:26 - 2014-10-05 08:26 - 00001024 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-05 08:26 - 2014-10-05 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-05 08:25 - 2014-10-05 08:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-05 08:21 - 2014-10-05 08:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Koegel\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-04 19:57 - 2014-10-04 19:57 - 00014816 _____ () C:\Users\Koegel\Documents\Strom sparen am pc.odt
2014-10-04 16:47 - 2014-10-04 16:47 - 00115288 _____ () C:\Users\Koegel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-04 09:10 - 2014-10-08 05:35 - 00000616 _____ () C:\Windows\setupact.log
2014-10-04 09:10 - 2014-10-06 15:46 - 00007332 _____ () C:\Windows\PFRO.log
2014-10-04 09:10 - 2014-10-04 09:10 - 00436552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-04 09:10 - 2014-10-04 09:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 08:58 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-28 13:28 - 2014-09-28 13:28 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CdCoverCreator
2014-09-28 13:27 - 2014-09-28 13:27 - 02831657 _____ () C:\Users\Koegel\Downloads\CdCoverCreator-Setup-2.5.3_CB-DL-Manager [1].exe
2014-09-28 13:25 - 2014-09-28 13:25 - 00816064 _____ ( ) C:\Users\Koegel\Downloads\CdCoverCreator-Setup-2.5.3_CB-DL-Manager.exe
2014-09-28 07:49 - 2014-09-28 07:58 - 00185719 _____ () C:\Users\Koegel\Desktop\Test Cover.cedprj
2014-09-27 22:00 - 2014-09-27 22:00 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Ashampoo Cover Studio
2014-09-27 21:59 - 2014-09-27 21:59 - 00001152 _____ () C:\Users\Public\Desktop\Ashampoo Cover Studio.lnk
2014-09-27 21:47 - 2014-09-27 21:47 - 17091736 _____ (ashampoo GmbH & Co. KG ) C:\Users\Koegel\Downloads\ashampoo_cover_studio_101_5870.exe
2014-09-27 20:07 - 2014-09-27 20:08 - 00000000 ____D () C:\Users\Koegel\Documents\für R
2014-09-24 16:59 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 10:59 - 2014-09-21 11:00 - 01508995 _____ () C:\Users\Koegel\Downloads\LAME3.99.5.zip
2014-09-21 10:03 - 2014-10-03 17:09 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\MusicBee
2014-09-21 10:01 - 2014-09-21 10:02 - 00000000 ____D () C:\Program Files\MusicBee
2014-09-21 10:01 - 2014-09-21 10:01 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-09-21 10:00 - 2014-09-21 10:00 - 15526961 _____ () C:\Users\Koegel\Downloads\MusicBeeSetup_2_4_CB-DL-Manager [1].exe
2014-09-21 09:58 - 2014-09-21 09:58 - 00816064 _____ ( ) C:\Users\Koegel\Downloads\MusicBeeSetup_2_4_CB-DL-Manager.exe
2014-09-14 19:06 - 2014-09-21 10:02 - 00000929 _____ () C:\Users\Koegel\Desktop\MusicBee.lnk
2014-09-14 19:05 - 2014-09-14 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-09-13 08:47 - 2014-09-13 08:47 - 00011863 _____ () C:\Users\Koegel\Documents\Einstellungen von Firefox und Apps.odt
2014-09-11 13:48 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 13:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 13:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 13:48 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 13:48 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 13:48 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 13:48 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 13:48 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 13:48 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 13:48 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 13:48 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 13:48 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 13:48 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 13:48 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 13:48 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 13:48 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 13:48 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 13:48 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 13:48 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 13:48 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 13:48 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 13:48 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 13:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 13:48 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 13:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 13:48 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 13:48 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 13:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 13:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 13:48 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 13:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 13:24 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 13:24 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 13:24 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 13:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 13:21 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 13:21 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 06:06 - 2013-11-07 19:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 06:05 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 06:05 - 2009-07-14 06:34 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 05:39 - 2013-11-07 11:33 - 02090107 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 05:36 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 17:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-06 15:55 - 2014-06-12 20:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 16:41 - 2014-08-26 07:10 - 00000000 ____D () C:\Users\Koegel\AppData\Local\Windows Live
2014-09-28 06:17 - 2013-11-07 18:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 21:59 - 2014-02-19 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-09-27 21:59 - 2014-02-19 13:43 - 00000000 ____D () C:\Program Files\Ashampoo
2014-09-27 20:09 - 2013-12-22 19:32 - 00023040 _____ () C:\Users\Koegel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-27 18:01 - 2014-05-10 11:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 10:33 - 2014-07-09 11:57 - 00000000 ____D () C:\Users\Koegel\AppData\Roaming\MediaMonkey
2014-09-26 13:19 - 2013-11-07 11:42 - 01618600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 17:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-22 21:16 - 2013-12-14 14:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2009-10-14 04:21 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 15:51 - 2014-07-22 08:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-11 18:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 13:51 - 2013-11-07 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 13:47 - 2013-11-08 21:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 13:40 - 2009-10-14 04:21 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 13:39 - 2014-05-06 07:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 19:08 - 2013-11-07 19:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 19:08 - 2013-11-07 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Koegel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 17:25

==================== End Of Log ============================
--- --- ---
Was heist das jetzt, bin ich geheilt ? :-))
L.G.

Alt 08.10.2014, 16:03   #8
schrauber
/// the machine
/// TB-Ausbilder
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Zitat:
C:\OFFICE2007\MICROSOFT OFFICE 2007 ENTERPRISE KEYGEN\KEYGEN.EXE
Und hier wäre dann Schluss mit Support bis alle Cracks und gecrackte Software gelöscht ist.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.10.2014, 16:45   #9
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


????????? die Antwort verstehe ich nicht. Heißt das office 2007 ist schlecht und muß gelöscht werden??
Was soll ich alles löschen? Bin leider etwas schwer vom Begriff. Evtl. kannst du noch etwas genauer werden ;-)
Ich bedanke mich schon mal mit deiner Geduld mit einer kleinen Spende

M.f.G.

Alt 09.10.2014, 10:54   #10
schrauber
/// the machine
/// TB-Ausbilder
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Dein office 2007 ist illegal gecrackt und nicht legal erworben, oder?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.10.2014, 16:49   #11
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Keine Ahnung, habe mir von einem Computergeschäft (der etwas billiger ist als die anderen) Windows 7 drauf machen lassen, da ich XP hatte und zuerst hatten ich Outlook 2010. Das funktionierte aber nicht richtig. Er sagte, das er mir dafür das office 2007 geben könnte.....

Alt 10.10.2014, 11:42   #12
schrauber
/// the machine
/// TB-Ausbilder
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Netter Laden. Office samt dem Ordner Office und dem Keygen komplett löschen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.10.2014, 14:32   #13
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Ich habe da 3 verschiedene, (gehöre eher zu den Anfängern :-) )
office Enterprise 2007, nur das oder auch die anderen beiden
office file Validation Add In
offic live add - in 1.5
und reicht es, wenn ich unter Systemsteuerung deinstalliere, oder wo finde ich den keygen?

Alt 11.10.2014, 11:29   #14
schrauber
/// the machine
/// TB-Ausbilder
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Alle 3 deinstallieren über Systemsteuerung, dann den Ordner C:\OFFICE2007 löschen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.10.2014, 19:06   #15
easily
 
PUP.PSWTOOL.ProduktKey - Standard

PUP.PSWTOOL.ProduktKey


Danke für deine Hilfe, aber mir hat heute vor Ort jemand geholfen....

gruß
easily

Antwort
Seite 1 von 2 1 2

Themen zu PUP.PSWTOOL.ProduktKey
fehlercode 0xc0000005, pup.optional.koyote.a, pup.optional.opencandy, pup.optional.opencandy.a, pup.optional.regcleanerpro.a, pup.optional.regcleanpro.a, pup.optional.softonic.a, pup.optional.systemspeedup, pup.pswtool.productkey, security.hijack, win32/bundled.toolbar.google.d, win32/downloadsponsor.a, win32/drivergenius.a, win32/installcore.pk, win32/installcore.qh, win32/keygen.hb, win32/opencandy.a, win32/pswtool.productkey, win32/softonicdownloader.a, win32/systweak.a, win32/toolbar.montiera.i, win32/toolbar.searchsuite, win32/toolbar.searchsuite.l, win32/toolbar.searchsuite.p


« Windows 7 keine Treiber installieren sowie bestimmte Programme nicht nutzbar | Windows7: Adware bspw. VOPackage hat sich auf System eingeschlichen »


Ähnliche Themen: PUP.PSWTOOL.ProduktKey


  1. PUP.PSWTOOL.ProduktKey unter Malewarebytes gefunden
    Mülltonne - 05.10.2014 (1)
  2. Fifa10.exe meldet Problem "not-a-virus:PSWTool.Win32.NetPass.yp"
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (5)
  3. VideoDownloader infiziert von Win32.PSWtool-L (PUP)
    Antiviren-, Firewall- und andere Schutzprogramme - 26.05.2011 (10)
  4. Not-A-Virus.PSWTool.Win32.Brutus
    Plagegeister aller Art und deren Bekämpfung - 03.05.2009 (0)
  5. Windows Home Edition Produktkey funkioniert nicht?
    Alles rund um Windows - 11.01.2009 (8)
  6. not-a-virus:PSWTool.HTM.Fraud.gen
    Plagegeister aller Art und deren Bekämpfung - 29.08.2006 (16)
  7. Produktkey ändern?
    Alles rund um Windows - 16.11.2005 (4)
  8. Frage zu "PSWTool.Win32.RAS.a"
    Plagegeister aller Art und deren Bekämpfung - 16.09.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema PUP.PSWTOOL.ProduktKey - Hallo, ich hoffe auf eure Hilfe und bedanke mich schon mal im voraus für euren Einsatz. Ich habe das Malewarebytes Program laufen lassen und er hat promt was in Quarantäne - PUP.PSWTOOL.ProduktKey...
Archiv
Du betrachtest: PUP.PSWTOOL.ProduktKey auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129