Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google Suche in Chrome wird umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.10.2014, 20:37   #1
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Hallo, ich habe seit gestern das Problem, dass meine Suchergebnisse in Google Chrome immer auf splitter.microxml.net und dann auf irgendwelche Werbeseiten umgeleitet werden. Habe nach Urlaub Antivirupdate gemacht, WIN7 hat auch Updates gemacht, ebenso wie Java und Adobe Reader. Danach war die ask-toolbar installiert, welche ich deinstalliert habe inklusive einer Chrome-Erweiterung. Diverse Tools haben bisher nichts gefunden (adwcleaner 4.0, OTL, JRT, Malwarebytes). Bin etwas ratlos und mag ansich nicht alles neu aufsetzen...
Angehängte Dateien
Dateityp: txt Extras.Txt (42,3 KB, 123x aufgerufen)
Dateityp: txt FRST.txt (46,1 KB, 112x aufgerufen)

Geändert von atarianer69 (19.10.2014 um 20:50 Uhr)

Alt 19.10.2014, 21:01   #2
Machiavelli
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Immer in CodeTags posten.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 19.10.2014, 21:12   #3
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



OK. Hab mich schon gewundert, wie das gemacht wird...

Hier Ergebnis für OTL.

Code:
ATTFilter
OTL logfile created on: 19.10.2014 19:33:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lupser\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 42,70% Memory free
7,73 Gb Paging File | 5,02 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,28 Gb Total Space | 82,02 Gb Free Space | 69,93% Space Free | Partition Type: NTFS
Drive E: | 1021,00 Mb Total Space | 988,11 Mb Free Space | 96,78% Space Free | Partition Type: NTFS
 
Computer Name: GRAUER_FALTER | User Name: Lupser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.10.19 19:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lupser\Desktop\OTL.exe
PRC - [2014.10.18 21:23:33 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.10.18 21:21:33 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.10.18 21:21:32 | 000,703,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.09.12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.06.27 00:04:52 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.07.31 13:06:25 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.06.19 11:31:39 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.07.31 13:06:25 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.09.19 03:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014.10.18 21:23:33 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.10.18 21:21:33 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.09.12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.04.03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.02.27 11:14:00 | 001,008,344 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2014.10.18 21:21:33 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.10.18 21:21:33 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.05.24 10:28:01 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2014.04.28 16:26:49 | 000,086,768 | ---- | M] (Dataram, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2014.04.27 20:59:00 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2014.04.27 20:59:00 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2014.04.27 20:59:00 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2014.04.27 20:59:00 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2014.04.27 20:59:00 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2014.03.19 15:23:08 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2014.03.19 15:23:08 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2014.02.25 11:41:04 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.21 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.03.01 09:20:56 | 000,239,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.05 08:58:32 | 000,044,032 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVPolCIR.sys -- (AVPolCIR)
DRV:64bit: - [2009.08.05 08:58:26 | 000,364,800 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 73 32 B6 24 62 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E7A380F-CCB0-485E-9E48-5099DBFBFB02}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.10.19 19:32:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lupser\Desktop\OTL.exe
[2014.10.19 19:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014.10.19 18:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.10.19 17:28:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.10.19 17:04:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.10.10 23:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014.10.10 23:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014.09.27 22:19:59 | 000,000,000 | ---D | C] -- C:\Users\Lupser\.dvdcss
[2014.09.27 22:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2014.09.27 22:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2014.09.27 22:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
 
========== Files - Modified Within 30 Days ==========
 
[2014.10.19 19:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lupser\Desktop\OTL.exe
[2014.10.19 19:22:02 | 000,029,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.10.19 19:22:02 | 000,029,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.10.19 19:20:43 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.10.19 19:20:43 | 000,699,058 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.10.19 19:20:43 | 000,653,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.10.19 19:20:43 | 000,149,166 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.10.19 19:20:43 | 000,121,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.10.19 19:14:54 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.10.19 19:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.10.19 19:14:39 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2014.10.19 19:14:25 | 1073,774,640 | ---- | M] () -- C:\RAMDisk.img
[2014.10.19 19:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.10.19 17:19:52 | 1073,774,640 | ---- | M] () -- C:\RAMDisk.img.bak
[2014.10.18 21:54:32 | 000,298,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.10.18 21:21:35 | 000,043,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.10.18 21:21:33 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.10.18 21:21:33 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.10.10 23:55:06 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014.10.10 23:53:42 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2014.10.10 23:55:06 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014.05.06 22:11:58 | 000,003,584 | ---- | C] () -- C:\Users\Lupser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.05.06 19:40:02 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2014.05.06 19:40:02 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2014.05.06 19:39:46 | 000,598,016 | R--- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2014.05.06 19:39:46 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2014.05.06 19:39:46 | 000,290,816 | R--- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2014.05.06 19:39:46 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2014.05.06 19:39:46 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2014.05.06 19:39:46 | 000,225,280 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2014.05.06 19:39:46 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2014.04.28 17:41:23 | 000,007,613 | ---- | C] () -- C:\Users\Lupser\AppData\Local\Resmon.ResmonCfg
[2014.04.27 20:22:17 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2014.04.27 20:22:17 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2014.04.27 20:22:17 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2014.04.27 20:22:17 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2014.04.27 20:22:17 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2014.04.27 20:22:17 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2014.04.27 19:12:02 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014.04.27 19:12:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014.04.27 19:11:57 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014.04.27 19:11:56 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2014.04.27 19:11:56 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2014.04.27 19:11:56 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014.04.27 19:11:56 | 000,001,996 | ---- | C] () -- C:\Windows\unins000.dat
[2014.04.27 18:19:54 | 001,592,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.04.27 16:06:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.04.27 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\CDXReader
[2014.04.27 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\DVDVideoSoft
[2014.04.27 19:11:58 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\LavFilters
[2014.04.27 19:42:45 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\OpenOffice
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2014.04.27 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\Adobe
[2014.04.27 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\ATI
[2014.04.27 18:25:23 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\Avira
[2014.04.27 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\CDXReader
[2014.09.27 22:16:28 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\DivX
[2014.04.27 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\DVDVideoSoft
[2014.04.27 15:36:07 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\Identities
[2014.04.27 16:26:18 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\InstallShield
[2014.04.27 19:11:58 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\LavFilters
[2014.04.27 19:07:10 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\Macromedia
[2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\Media Center Programs
[2014.04.27 23:26:56 | 000,000,000 | --SD | M] -- C:\Users\Lupser\AppData\Roaming\Microsoft
[2014.04.27 19:42:45 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\OpenOffice
[2014.10.02 18:44:25 | 000,000,000 | ---D | M] -- C:\Users\Lupser\AppData\Roaming\Skype
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 05:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2014.09.26 00:46:42 | 000,365,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2014.09.26 00:46:39 | 000,243,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2014.09.26 00:43:38 | 011,807,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >
         
und hier FRST64:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Lupser (administrator) on GRAUER_FALTER on 19-10-2014 19:59:12
Running from C:\Users\Lupser\Downloads
Loaded Profile: Lupser (Available profiles: Lupser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-18] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2165232648-2442442897-670147972-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC77332B62462CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]
CHR Extension: (Google Docs) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Drive) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (YouTube) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]
CHR Extension: (Google-Suche) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]
CHR Extension: (Google Tabellen) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]
CHR Extension: (Google Wallet) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR Extension: (Google Mail) - C:\Users\Lupser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-18] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-09] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [364800 2009-08-05] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 AVPolCIR; C:\Windows\System32\DRIVERS\AVPolCIR.sys [44032 2009-08-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [86768 2014-04-28] (Dataram, Inc.)
R3 ALSysIO; \??\C:\Users\Lupser\AppData\Local\Temp\ALSysIO64.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\WNt500x64\Sandra.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 79CC9BE187E3144E1B58A54B842475E7
C:\Windows\System32\DRIVERS\atikmpag.sys 07561D3B7FD99F6E186C49C2D0628E38
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys ED3A041014FBBFDC23D6C04F9C7A5D79
C:\Windows\System32\DRIVERS\AVerPola.sys CFAB6DB65144B2DD133FD72ABD2463BF
C:\Windows\System32\DRIVERS\avgntflt.sys 1B87A1F2FA5B91AC1A7D171B8D952441
C:\Windows\System32\DRIVERS\avipbb.sys AF61774060F277FE45CBD3A9A8E7D45A
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\System32\DRIVERS\AVPolCIR.sys 3082032AA5EB74CB1F476EA22BCD7A3E
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys B44879610F2DC4A046B14BEFA3AE72DE
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\system32\drivers\btwampfl.sys 96E22173FD0E2670A2A20C1EEECA162A
C:\Windows\System32\drivers\btwaudio.sys A771078558477068DFD8037B82EB00F8
C:\Windows\System32\drivers\btwavdt.sys 9FF58F76024D25784755B01F926B00BE
C:\Windows\System32\DRIVERS\btwl2cap.sys B1ACFD00CDD13B48D86F46BFEC153BF9
C:\Windows\System32\DRIVERS\btwrchid.sys EDD953D635F3AA89EF902E3F82D60D22
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys D06E443457FADC6B1AFAF3AA4B6936F6
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys CCEDD47ABD068C58C8513DEB785093BB
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\k57nd60a.sys C9B4ECC187581E5BF3F76648884B7829
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys E4799B87675C59AA1F620DE5C6F113BB
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RAMDiskVE.sys 22F41479D45C27E895A8619A3368217D
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 3CEEE53BBF8BA284FF44585CEC0162FE
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 064A2530A4A7C7CEC1BE6A1945645BE4
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 19:59 - 2014-10-19 19:59 - 00025958 _____ () C:\Users\Lupser\Downloads\FRST.txt
2014-10-19 19:58 - 2014-10-19 19:59 - 00000000 ____D () C:\FRST
2014-10-19 19:58 - 2014-10-19 19:58 - 02112512 _____ (Farbar) C:\Users\Lupser\Downloads\FRST64.exe
2014-10-19 19:54 - 2014-10-19 19:54 - 00000626 _____ () C:\Users\Lupser\Desktop\JRT.txt
2014-10-19 19:52 - 2014-10-19 19:52 - 00000797 _____ () C:\Windows\setupact.log
2014-10-19 19:52 - 2014-10-19 19:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 19:43 - 2014-10-19 19:43 - 00114134 _____ () C:\Users\Lupser\Desktop\OTL.Txt
2014-10-19 19:43 - 2014-10-19 19:43 - 00043362 _____ () C:\Users\Lupser\Desktop\Extras.Txt
2014-10-19 19:43 - 2014-10-19 19:43 - 00000000 ____D () C:\_OTL
2014-10-19 19:32 - 2014-10-19 19:32 - 00602112 _____ (OldTimer Tools) C:\Users\Lupser\Desktop\OTL.exe
2014-10-19 19:25 - 2014-10-19 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-19 18:02 - 2014-10-19 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 17:59 - 2014-10-19 18:01 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lupser\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-19 17:28 - 2014-10-19 17:28 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 17:27 - 2014-10-19 17:27 - 01705698 _____ (Thisisu) C:\Users\Lupser\Downloads\JRT.exe
2014-10-19 17:04 - 2014-10-19 17:35 - 00000000 ____D () C:\AdwCleaner
2014-10-19 17:03 - 2014-10-19 17:04 - 01976320 _____ () C:\Users\Lupser\Downloads\adwcleaner_4.000.exe
2014-10-18 21:43 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 21:43 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-18 21:43 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 21:43 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-18 21:43 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-18 21:43 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-18 21:43 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-18 21:43 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-18 21:43 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 21:43 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 21:43 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 21:43 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-18 21:43 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-18 21:43 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 21:43 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 21:43 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 21:43 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-18 21:43 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-18 21:43 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 21:43 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 21:43 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 21:43 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 21:43 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 21:43 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-18 21:43 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-18 21:43 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-18 21:43 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-18 21:43 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-18 21:43 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 21:43 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 21:43 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-18 21:43 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 21:43 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-18 21:43 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-18 21:43 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 21:43 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-18 21:43 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 21:43 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-18 21:43 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-18 21:43 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-18 21:43 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-18 21:43 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-18 21:43 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-18 21:43 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 21:43 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 21:43 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-18 21:43 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-18 21:43 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 21:43 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-18 21:43 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-18 21:43 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-18 21:43 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 21:43 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-18 21:43 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 21:43 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-18 21:43 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-18 21:42 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 21:42 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 21:42 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-18 21:42 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-18 21:42 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 21:42 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-18 21:42 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-18 21:41 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 21:41 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 21:41 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 21:36 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-18 21:36 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-18 21:36 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-18 21:35 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-18 21:35 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-18 21:34 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-18 21:34 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-18 21:34 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-18 21:34 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-18 21:34 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-18 21:34 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-18 21:34 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-18 21:34 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-18 21:34 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-18 21:34 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-18 21:34 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-18 21:34 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-18 21:34 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-18 21:34 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-18 21:34 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-10 23:55 - 2014-10-10 23:55 - 00000813 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-10-10 23:55 - 2014-10-10 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-10-10 23:55 - 2014-10-10 23:55 - 00000000 ____D () C:\Program Files\Speccy
2014-10-10 23:52 - 2014-10-10 23:53 - 04890736 _____ (Piriform Ltd) C:\Users\Lupser\Downloads\spsetup126.exe
2014-10-10 23:52 - 2014-10-10 23:52 - 04965896 _____ (Piriform Ltd) C:\Users\Lupser\Downloads\ccsetup418.exe
2014-09-30 20:14 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:14 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-27 22:19 - 2014-09-27 22:19 - 00000000 ____D () C:\Users\Lupser\.dvdcss
2014-09-27 22:18 - 2014-09-27 22:19 - 00000000 ____D () C:\ProgramData\PMS
2014-09-27 22:18 - 2014-09-27 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
2014-09-27 22:18 - 2014-09-27 22:18 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-09-27 22:08 - 2014-09-27 22:13 - 54431910 _____ () C:\Users\Lupser\Downloads\pms-1.90.1-setup-full-x64.exe
2014-09-25 00:03 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 00:03 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 19:55 - 2011-04-12 09:43 - 00699058 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 19:55 - 2011-04-12 09:43 - 00149166 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 19:55 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 19:25 - 2014-04-27 16:46 - 00000000 ____D () C:\Users\Lupser\AppData\Local\Google
2014-10-19 19:25 - 2014-04-27 16:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-19 19:22 - 2009-07-14 06:45 - 00029584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 19:22 - 2009-07-14 06:45 - 00029584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 19:14 - 2014-07-01 00:07 - 01513998 ____N () C:\Windows\WindowsUpdate.log
2014-10-19 19:14 - 2014-04-28 16:55 - 1073774640 ____C () C:\RAMDisk.img
2014-10-19 19:14 - 2014-04-27 16:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 19:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 19:10 - 2014-04-27 16:46 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 17:19 - 2014-04-28 16:55 - 1073774640 ____C () C:\RAMDisk.img.bak
2014-10-19 16:24 - 2014-05-23 23:16 - 00000189 _____ () C:\siw_debug.txt
2014-10-18 21:54 - 2009-07-14 06:45 - 00298048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 21:53 - 2014-04-27 18:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 21:48 - 2014-04-27 16:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 21:47 - 2014-04-27 16:57 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-18 21:21 - 2014-04-28 16:22 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-18 21:21 - 2014-04-27 18:22 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-18 21:21 - 2014-04-27 18:22 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-10 23:53 - 2014-04-27 23:13 - 00000839 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-10 23:53 - 2014-04-27 23:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 21:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-02 18:44 - 2014-06-01 21:47 - 00000000 ____D () C:\Users\Lupser\AppData\Roaming\Skype
2014-09-28 23:09 - 2014-05-07 20:31 - 00000000 ____D () C:\Users\Lupser\AppData\Local\CrashDumps
2014-09-27 22:19 - 2014-04-27 15:36 - 00000000 ____D () C:\Users\Lupser
2014-09-27 22:16 - 2014-04-27 19:16 - 00000000 ____D () C:\Users\Lupser\AppData\Roaming\DivX
2014-09-27 22:16 - 2014-04-27 19:12 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-09-27 22:16 - 2014-04-27 19:11 - 00000000 ____D () C:\ProgramData\DivX
2014-09-22 20:45 - 2014-04-27 21:27 - 00000000 ____D () C:\Users\Lupser\AppData\Local\FreePDF_XP
2014-09-22 20:44 - 2014-04-27 21:27 - 00000120 _____ () C:\fpRedmon.log
2014-09-19 22:13 - 2014-04-27 18:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Lupser\AppData\Local\Temp\avgnt.exe
C:\Users\Lupser\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {6ece3afc-ce18-11e3-8c4c-89a4e4342f8b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {6ece3afe-ce18-11e3-8c4c-89a4e4342f8b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6ece3afc-ce18-11e3-8c4c-89a4e4342f8b}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {6ece3afe-ce18-11e3-8c4c-89a4e4342f8b}
device                  ramdisk=[C:]\Recovery\6ece3afe-ce18-11e3-8c4c-89a4e4342f8b\Winre.wim,{6ece3aff-ce18-11e3-8c4c-89a4e4342f8b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\6ece3afe-ce18-11e3-8c4c-89a4e4342f8b\Winre.wim,{6ece3aff-ce18-11e3-8c4c-89a4e4342f8b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {6ece3afc-ce18-11e3-8c4c-89a4e4342f8b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {6ece3aff-ce18-11e3-8c4c-89a4e4342f8b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\6ece3afe-ce18-11e3-8c4c-89a4e4342f8b\boot.sdi



LastRegBack: 2014-10-02 18:31

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 19.10.2014, 21:21   #4
Machiavelli
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



1. Speicher alle Tools auf dem Desktop.
2. Running from C:\Users\Lupser\Downloads - hier sollte sich eine Addition.txt befinden, falls nicht, mache dies:



Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. Poste beide Logs in Deine nächste Antwort.

3. Das gleiche für OTL. C:\Users\Lupser\Desktop - hier sollte sich eine Extras.txt befinden. Poste den Inhalt hier.
__________________
Proud member of Unite

Alt 19.10.2014, 21:37   #5
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



FRST Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by Lupser at 2014-10-19 21:27:52
Running from C:\Users\Lupser\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.11.2 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2AE2789B-454A-0A8D-D848-38F1F7070C73}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AVerMedia H830 USB Hybrid TV 10.0.64.24 (HKLM-x32\...\AVerMedia H830 USB Hybrid TV) (Version: 10.0.64.24 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia Media Center Plug-ins 2.0.8.0 (HKLM-x32\...\AVerMedia Media Center Plug-ins) (Version: 2.0.8.0 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.18.8 - Broadcom Corporation)
Capture One 6.4 (HKLM\...\CaptureOne6_is1) (Version: 6.4.65508.156 - Phase One A/S)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version:  - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
RAMDisk (HKLM-x32\...\{DD770CA4-748B-40E5-9EEE-774A9509D07E}) (Version: 4.4.0.19 - Dataram, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
SanDisk SSD Toolkit 1.0.0.1 (HKLM-x32\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation)
SIW 2013 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.05.14 - Topala Software Solutions)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4100 - Broadcom Corporation)
Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2165232648-2442442897-670147972-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

19-10-2014 17:35:54 OTL Restore Point - 19.10.2014 19:35:54

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14EA254E-C1BB-4434-B224-293526E0D509} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {41E0EA4A-D543-4B86-A155-858D7D34564E} - System32\Tasks\Core Temp Autostart Lupser => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
Task: {5172A120-B4E7-4010-9105-0DE6AE46B011} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6D1DA398-E1F8-4C45-AFA5-610E2080AC4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {789BB542-05B6-4539-BA6C-D9022362F061} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {79CE67CC-DCEB-415B-BFA7-A17C2AC9BB77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {9432FF6C-C696-473D-84A9-CC83B5F10A72} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {EB52D4B8-1FEF-4CD9-AF99-B817B2132DEB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FF282900-847D-4D43-90D8-8CB11046C6CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-27 16:20 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-05-06 19:39 - 2008-12-09 20:01 - 00405504 ____R () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-04-27 18:34 - 2013-10-08 13:23 - 00890016 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-04-27 20:22 - 2010-01-13 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2014-04-27 18:37 - 2014-04-27 18:37 - 00006144 _____ () C:\Users\Lupser\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll
2014-04-27 18:37 - 2014-04-27 18:37 - 00008704 _____ () C:\Users\Lupser\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll
2014-04-27 18:37 - 2014-04-27 18:37 - 00007680 _____ () C:\Users\Lupser\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll
2014-05-06 19:40 - 2009-07-31 13:06 - 00155648 ____R () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2165232648-2442442897-670147972-500 - Administrator - Disabled)
Gast (S-1-5-21-2165232648-2442442897-670147972-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2165232648-2442442897-670147972-1002 - Limited - Enabled)
Lupser (S-1-5-21-2165232648-2442442897-670147972-1000 - Administrator - Enabled) => C:\Users\Lupser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/19/2014 09:14:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 56%
Total physical RAM: 3958.71 MB
Available physical RAM: 1732.73 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 5393.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Sandisk SSD 128GB) (Fixed) (Total:117.28 GB) (Free:81.47 GB) NTFS
Drive e: (RAM Disk) (Fixed) (Total:1 GB) (Free:0.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: 8D1E4939)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1 GB) (Disk ID: 3CDBBF43)
Partition 1: (Not Active) - (Size=1021 MB) - (Type=07 NTFS)

==================== End Of Log ============================
         

OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 19.10.2014 19:33:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lupser\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 42,70% Memory free
7,73 Gb Paging File | 5,02 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,28 Gb Total Space | 82,02 Gb Free Space | 69,93% Space Free | Partition Type: NTFS
Drive E: | 1021,00 Mb Total Space | 988,11 Mb Free Space | 96,78% Space Free | Partition Type: NTFS
 
Computer Name: GRAUER_FALTER | User Name: Lupser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C9685BF-14C4-4B89-92F8-502CFB0E2E06}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FBF0F4B-F76F-4587-8F03-1EF150CC464B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35C24C02-4A77-4A81-9054-EFECE0514394}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{444DE652-1577-4156-902E-F46E1D1275F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{54540509-858B-4416-9CC5-6FD01175B8F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{59C220B6-F71B-460D-9007-DEA2DD9E5292}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5A47B897-2735-43AF-96D7-5A4848CF3113}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{68B72194-9F82-4122-8558-6545DB9491AC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{74BD81EB-8A8D-4DB1-98CD-638FEE497181}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{875E3303-AFE2-4A9C-B0B2-0BB1BB35BB72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B8EC7A4-4BAE-4B9C-972A-BDE54A43808B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9056C99B-67E4-483F-ABA1-5D45DDB4F5EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{92CD94DB-FB1F-4240-8328-33B11372F8D6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{958EC3FA-C2A8-466B-A057-956C6E62AA9F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1D2D65B-750D-4504-9099-75DCF8EAFC76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7ED00B9-DE1E-40F8-A4A8-1C45926641CD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AAD73084-8728-4191-9348-00F271C33670}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{B99E64E3-701D-4C6C-A423-3D4E7AD8FD9F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D138ED58-D9F6-47EC-AA81-3DFA57EF4652}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D26224A5-9A8C-4E76-812D-563C7F75B32B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DCEB883C-2EA4-497D-A47C-6DA2C8A74E30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E348DCAE-54D7-4B11-AC91-9EFBF65C9E29}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{132B71F3-AD5E-47DF-BBC8-5960DDB077A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{206D155C-BBB1-4D35-A4F1-443E53C4B4DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32E54D5B-D62E-45F9-B7D6-25E947B6E36D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6688D22B-7FE1-4D82-89AD-CB60A7204643}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{694F0E99-2699-471B-8415-F5BA9DF7AA6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EA2B0CA-C265-4717-BBB4-39FAB263AB50}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{868098EE-0E52-4DFF-8FC4-8E0F65BDF674}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{88E6BD5D-5F00-4150-84C8-60C0C81425ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9BB6C467-7410-4E36-82EF-146B28418A2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E505F31-A7D5-42DB-B21E-3F65C5A98BD9}" = protocol=6 | dir=out | app=system | 
"{ADAA6E6D-3847-42E8-8683-611452AACC41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1D1D8CC-24CF-4056-B8C2-95488E76BA9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B3413C53-5E2A-49FA-96D1-3F5AFFAD1E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BF5DC408-7AC6-4410-9E9D-9B30234866B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC0C49F0-C024-4555-A48B-BB22A06D5E62}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CE9BB0F1-C1D0-418A-AB42-A5CD1058505A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D4776AC7-8263-40D3-A9E9-B98354500B67}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D58E3AE1-834D-484A-96FD-DA238C406BED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DBA8AFE6-1011-4B20-BB3C-FA8CBE18F69E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E56251F8-A246-4A67-8B82-BFA49E96DDBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F083BA4C-6FF4-4B36-A249-6D770DC2F97B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F3BB0B14-1E49-4460-944D-16D9F6DF5930}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F3C74EE6-09F4-40DE-B581-B8CE34AE6A96}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{F1548C98-0D28-4EA6-9707-679997483737}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ps3 media server\jre64\bin\javaw.exe | 
"UDP Query User{9911A640-9CA3-40B4-BC49-FC88D00E8532}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ps3 media server\jre64\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00429B60-6F21-F75E-897F-EEA37B56C806}" = AMD Media Foundation Decoders
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC6
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft-Maus- und Tastatur-Center
"{2AE2789B-454A-0A8D-D848-38F1F7070C73}" = AMD Catalyst Install Manager
"{5AD06A0A-1B07-F618-B880-688FCDE74079}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{BA8E03A9-BEFD-C9AB-7B1F-6F58BB9545D3}" = AMD Drag and Drop Transcoding
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F9D06DFC-32E9-F40A-230C-9673E8DDC2F6}" = ccc-utility64
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 )
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CaptureOne6_is1" = Capture One 6.4
"CCleaner" = CCleaner
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0201CB85-955D-60E0-4EC0-380D3B7FB80E}" = CCC Help Thai
"{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}" = OpenOffice 4.0.1
"{1456C739-DD89-70D6-E2C0-AF5CDDA5D90F}" = CCC Help Chinese Traditional
"{20B0DF0F-10F7-64EF-4EA0-C82642223AC2}" = CCC Help Russian
"{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1" = SanDisk SSD Toolkit 1.0.0.1
"{265F885E-107E-A142-500D-5E86D3176D2F}" = CCC Help Greek
"{38136734-7051-347E-59C7-FF6CB35543ED}" = Catalyst Control Center InstallProxy
"{3960C198-FEC4-C593-2248-0A5FDB8FF88A}" = CCC Help Hungarian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4665F775-11B5-AEFB-8861-47703834248B}" = CCC Help German
"{46A2018B-3954-0B0C-F5EE-FDB07E405889}" = CCC Help Korean
"{4A3BFBE9-1FDD-E558-025E-E296E8F3CA34}" = Catalyst Control Center Localization All
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{553C9E3C-CC38-3C7B-4188-23C747273237}" = CCC Help Danish
"{5C4C1F60-F86D-0494-C496-42B1B16DBEBC}" = Catalyst Control Center
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6A4A9DC2-AC2E-BAA4-FB72-5B09B444D4C9}" = CCC Help English
"{6BB6DA0C-58DB-0163-E446-2B315041B4FC}" = CCC Help Polish
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7E94B0E5-83E6-F980-F81E-2E74655DE671}" = CCC Help French
"{7FB95D00-6B0C-5075-B689-1F8F50024CC0}" = Catalyst Control Center Graphics Previews Common
"{8DC71E37-9530-10E1-F73D-8E6880A17C26}" = CCC Help Finnish
"{8F05F450-C755-F948-C218-7788DC4F51F7}" = CCC Help Japanese
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A103196A-792C-A348-F6E5-0DCB33DC6D0A}" = CCC Help Norwegian
"{A30B38FA-99DA-97DD-F8DB-F8252C140651}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2013 Home Edition
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Deutsch
"{B6F6F91F-CEE7-0030-3436-5DDDB1B07046}" = CCC Help Dutch
"{C127399A-BFB5-C9C2-F1D7-89E4C27AAF99}" = CCC Help Turkish
"{DD770CA4-748B-40E5-9EEE-774A9509D07E}" = RAMDisk
"{E1B9CA9C-4403-184D-1FDC-647D360664C6}" = CCC Help Italian
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E34CBAE0-5464-0542-5761-DEA44B32B5C0}" = CCC Help Czech
"{E44C0D5F-CAD6-80AE-5686-3F6C0AA1440E}" = CCC Help Swedish
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EC6663B3-177C-3484-12A5-24B37983AAC2}" = CCC Help Chinese Standard
"{ED110DBC-19EC-6243-F26B-162DB415F19E}" = CCC Help Spanish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.0.64.24
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"DC-Bass Source" = DC-Bass Source 1.3.0
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.19.1219
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HaaliMkx" = Haali Media Splitter
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"LAME_is1" = LAME v3.99.3 (for Windows)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"PS3 Media Server" = PS3 Media Server
"vsfilter_is1" = DirectVobSub 2.40.4209
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.10.2014 13:15:02 | Computer Name = Grauer_Falter | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.10.2014 13:35:56 | Computer Name = Grauer_Falter | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 MBAMScheduler since QueryServiceConfig API failed  System Error: Das System kann die
 angegebene Datei nicht finden.  .
 
Error - 19.10.2014 13:35:56 | Computer Name = Grauer_Falter | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 MBAMService since QueryServiceConfig API failed  System Error: Das System kann die
 angegebene Datei nicht finden.  .
 
[ System Events ]
Error - 19.10.2014 13:12:33 | Computer Name = Grauer_Falter | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 19.10.2014 13:12:33 | Computer Name = Grauer_Falter | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 19.10.2014 13:12:33 | Computer Name = Grauer_Falter | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 19.10.2014 13:14:44 | Computer Name = Grauer_Falter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 19.10.2014 13:14:46 | Computer Name = Grauer_Falter | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 19.10.2014 13:14:46 | Computer Name = Grauer_Falter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
 
< End of report >
         


Alt 19.10.2014, 21:42   #6
Machiavelli
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Und jetzt noch die Logs zu AdwareCleaner, JRT und Malwarebytes. Dann haben wir die Grundlagen um eine sachgerechte Diagnose stellen zu können.
__________________
--> Google Suche in Chrome wird umgeleitet

Alt 19.10.2014, 22:08   #7
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Adwcleaner:

Code:
ATTFilter
# AdwCleaner v4.000 - Bericht erstellt am 19/10/2014 um 21:56:55
# Aktualisiert 12/10/2014 von Xplode
# Datenbank : 2014-10-19.11
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lupser - GRAUER_FALTER
# Gestartet von : C:\Users\Lupser\Desktop\adwcleaner_4.000.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [1137 octets] - [19/10/2014 17:04:25]
AdwCleaner[R1].txt - [989 octets] - [19/10/2014 17:15:32]
AdwCleaner[R2].txt - [1018 octets] - [19/10/2014 17:34:24]
AdwCleaner[R3].txt - [1076 octets] - [19/10/2014 21:50:11]
AdwCleaner[R4].txt - [878 octets] - [19/10/2014 21:56:55]
AdwCleaner[S0].txt - [1139 octets] - [19/10/2014 17:10:55]
AdwCleaner[S1].txt - [1041 octets] - [19/10/2014 17:19:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1057 octets] ##########
         
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lupser on 19.10.2014 at 21:52:52,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.10.2014 at 21:55:39,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.10.2014
Suchlauf-Zeit: 21:59:02
Logdatei: malware.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.10.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lupser

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 302365
Verstrichene Zeit: 7 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
...nicht so ergiebig... Der 2. PC hat das geiche Problem :-(

Alt 19.10.2014, 22:15   #8
Machiavelli
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Zitat:
2014-10-19 19:43 - 2014-10-19 19:43 - 00000000 ____D () C:\_OTL
Wer hat wann, wo, wie mit OTL rumgefixt?

Schlechte Nachricht, die Logs sehen merkwürdigerweise clean aus. Das könnte bedeuten, dass das Problem durch was Großes (BackDoor, RootKit, etc.) verursacht worden sind oder nur Chrome "defekt" ist.

Bitte folge den Anweisungen hier um Chrome zu resetten.

Problem behoben?

Oder:
Zitat:
Der 2. PC hat das geiche Problem :-(
Könnte bedeuten, man müsste nur den Rooter resetten.
__________________
Proud member of Unite

Alt 19.10.2014, 22:34   #9
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Hallo, der Reset von Chrome hat nichts gebracht. Habe im IE mal über Google gesucht und das betreffende Suchergebnis wird auch dort umgeleitet :-( Rooter resetten? Ein/Aus oder komplett alles neu eintragen?

Habe nach " Olbrich Foto" gesucht und dann nach den Fotos den 1. Link angeklickt. Der nächste Link verbindet ordnungsgemäß...

Alt 19.10.2014, 22:35   #10
Machiavelli
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Versuch mal ein und aus, und teste dann mal.
__________________
Proud member of Unite

Alt 19.10.2014, 22:58   #11
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Zitat:
Zitat von atarianer69 Beitrag anzeigen
Hallo, der Reset von Chrome hat nichts gebracht. Habe im IE mal über Google gesucht und das betreffende Suchergebnis wird auch dort umgeleitet :-( Rooter resetten? Ein/Aus oder komplett alles neu eintragen?

Habe nach " Olbrich Foto" gesucht und dann nach den Fotos den 1. Link angeklickt. Der nächste Link verbindet ordnungsgemäß...
Könnte es sein, daß die betreffende Seite selbst gehackt ist? Habe sonst kein Problem festgestellt bisher...

Ein/Aus bringt nix. Könntest Du bitte selbst mal den betreffenden Ergebnislink testen?

Es ist direkt der unter den Fotokacheln.

Also es scheint die Seite selbst zu sein. Andere Suchergebnisse sind bisher OK. Auf dem Firmenlaptop startet auch die splitter.microxml.net-Seite und verbindet dann auf Werbeseiten... Wie hoch ist die Gefahr, daß man durch Besuch der Seite selbst infiziert wird?

Alt 20.10.2014, 00:36   #12
Machiavelli
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Das erste Ergebnis leitet mich nicht um. Ich habe mal recherchiert, und geschaut, was Kollegen so machen.

1. Schalte denn Router für 30 Min aus und dann wieder ein. Ist das Problem gelöst? Wenn nicht, fahre mit 2. fort.

2.
Router auf Werkseinstellungen zurücksetzen, Verbindungsdaten neu eingeben.

Dann ALLE Browser einmal komplett zurücksetzen.
__________________
Proud member of Unite

Alt 20.10.2014, 17:32   #13
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Habe heute an der Arbeit mal an einem beliebigen Rechner die gefundene Seite im Google angeklickt. Auch dort sprang die Umleitung an. Entweder ist alles verseucht, oder die Seite auf die verbunden wird führt irgendwelchen Code aus. Spybot hat noch 2 Registryeinträge ,w3i.iq5.fraud und freeze, gefunden und gepatcht. Trotzdem Danke für die Tipps und wenn es bei weiteren links auftritt, zieh ich Punkt 2 in Betracht!

Alt 20.10.2014, 20:20   #14
Machiavelli
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Kannst Du mir den Link per PN schicken?

OK, leitet bei mir auch um.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Proud member of Unite

Alt 20.10.2014, 20:54   #15
atarianer69
 
Google Suche in Chrome wird umgeleitet - Standard

Google Suche in Chrome wird umgeleitet



Hab Antivir gestoppt und Windows Firewall aus. ESET fragt immerzu , ob ich Proxy anhätte (nein), weil die Updates nicht funktionieren.... Versteh ich nicht. Surfen funzt 1A.

Antwort

Themen zu Google Suche in Chrome wird umgeleitet
adobe, antivirupdate, ask-toolbar, chrome umleitung suchergebnisse, deinstalliert, diverse, gefunde, gestern, google, installier, installiert, java, malwarebytes, neu, nichts, problem, ratlos, suche, suchergebnisse, tools, umgeleitet, updates, urlaub, werbeseite, werbeseiten, win, win7



Ähnliche Themen: Google Suche in Chrome wird umgeleitet


  1. Google Chrome bei jeder Suche trackid=sp-006
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (13)
  2. ?trackid=sp-006 bei jeder Google Suche in Chrome
    Plagegeister aller Art und deren Bekämpfung - 10.03.2015 (37)
  3. sowohl mit Firefox als auch mit Explorer bei Google Suche auf falsche Seiten umgeleitet
    Log-Analyse und Auswertung - 06.11.2013 (12)
  4. Windows 7: Webseiten werden nach Google Suche auf kommerzielle Seiten umgeleitet
    Log-Analyse und Auswertung - 07.09.2013 (27)
  5. 2x Windows 7: Webseiten werden nach Google Suche auf kommerzielle Seiten umgeleitet
    Mülltonne - 17.08.2013 (1)
  6. Google-Suche wird umgeleitet
    Log-Analyse und Auswertung - 11.08.2013 (15)
  7. Browser hat immer script akamaihd.net, Google Suche wird umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (34)
  8. Werde ständig umgeleitet zu dubiosen Seiten bei Google-Suche
    Log-Analyse und Auswertung - 19.02.2013 (45)
  9. Google-Suche wird umgeleitet auf rocketnews
    Plagegeister aller Art und deren Bekämpfung - 23.06.2012 (16)
  10. Win 7, IE, Google Suche wird umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (19)
  11. Google-Suche wird auf "Hooot.com" umgeleitet
    Log-Analyse und Auswertung - 23.01.2012 (23)
  12. google suche wird Umgeleitet
    Log-Analyse und Auswertung - 30.04.2011 (1)
  13. Google Suche - Seiten werden umgeleitet Security Tool
    Log-Analyse und Auswertung - 29.11.2010 (17)
  14. Rootkit eingefangen, Google-Suche wird umgeleitet!
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (3)
  15. Google suche: Links werden auf Werbeseiten umgeleitet
    Log-Analyse und Auswertung - 03.12.2009 (4)
  16. Opera Hijacked|Google Suche wird umgeleitet
    Log-Analyse und Auswertung - 12.02.2009 (0)
  17. Google wird umgeleitet
    Log-Analyse und Auswertung - 03.03.2006 (4)

Zum Thema Google Suche in Chrome wird umgeleitet - Hallo, ich habe seit gestern das Problem, dass meine Suchergebnisse in Google Chrome immer auf splitter.microxml.net und dann auf irgendwelche Werbeseiten umgeleitet werden. Habe nach Urlaub Antivirupdate gemacht, WIN7 hat - Google Suche in Chrome wird umgeleitet...
Archiv
Du betrachtest: Google Suche in Chrome wird umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.