Pests of All Kinds and How to Fight Them: Avira and AntiMalware had detections again (Windows 7) |
29.11.2014, 10:45 | #16 |
/// the machine /// TB Trainer | Did you also run the Avira Cleaner? This crappy Avira is really getting on my nerves. Run the Avira Cleaner, then please post a fresh FRST log.
__________________ Regards, schrauber | Proud Member of UNITE and ASAP since 2009 | No help via PM! |
05.12.2014, 12:01 | #17 |
| Could it be that this is simply the new AntiVir and I have both on there? |
06.12.2014, 09:24 | #18 |
/// the machine /// TB Trainer | And? It doesn't matter whether it's the new or the old AntiVir: if you uninstall it, it MUST be gone. Technically there is no other way. |
08.12.2014, 20:41 | #19 |
| I have already uninstalled it twice and it is still on there. Same on my laptop. I'll uninstall it again. What should I do if it is still on there? And thanks again for your help =) |
09.12.2014, 16:12 | #20 |
/// the machine /// TB Trainer | Uninstall it again, then: Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop. SystemLook (64 bit)
__________________ Regards, schrauber |
11.12.2014, 02:39 | #21 |
| Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 02:33 on 11/12/2014 by Basti
Administrator - Elevation successful
KG" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4B3672D4FB5B864BB00B9B321E1F02B\InstallProperties] "DisplayName"="Avira" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe"="VISTARTM" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir Desktop] "Path"="C:\Program Files (x86)\Avira\AntiVir Desktop\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir Desktop] "AppDataDirectory"="C:\ProgramData\Avira\AntiVir Desktop\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\My Avira] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Avira_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Avira_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira AntiVir Desktop] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop] "Name"="Avira Free Antivirus" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop] "MasterKey"="Software\Avira\AntiVir Desktop" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirSchedulerService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirSchedulerService] "DisplayName"="Avira Planer" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirSchedulerService] "Description"="Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates." 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirService] "DisplayName"="Avira Echtzeit-Scanner" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirService] "Description"="Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirWebService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirWebService] "DisplayName"="Avira Browser-Schutz" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirWebService] "Description"="Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgntflt] "Description"="Avira mini-filter driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avipbb] "Description"="Avira Security Enhancement Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avipbb] "Group"="Avira" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost] "ImagePath"=""C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost] "DisplayName"="Avira Service Host" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost] "Description"="Service Host for Avira" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avkmgr] "Description"="Avira Manager Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avkmgr] "Group"="Avira" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Antivirus] "CategoryMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Antivirus] "EventMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Service Host] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService] "DisplayName"="Avira Planer" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService] "Description"="Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService] "DisplayName"="Avira Echtzeit-Scanner" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService] "Description"="Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService] "DisplayName"="Avira Browser-Schutz" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService] "Description"="Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine." 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgntflt] "Description"="Avira mini-filter driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avipbb] "Description"="Avira Security Enhancement Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avipbb] "Group"="Avira" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost] "ImagePath"=""C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost] "DisplayName"="Avira Service Host" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost] "Description"="Service Host for Avira" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avkmgr] "Description"="Avira Manager Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avkmgr] "Group"="Avira" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Antivirus] "CategoryMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Antivirus] "EventMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Service Host] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService] "DisplayName"="Avira Planer" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService] "Description"="Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates." 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService] "DisplayName"="Avira Echtzeit-Scanner" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService] "Description"="Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService] "ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService] "DisplayName"="Avira Browser-Schutz" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService] "Description"="Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgntflt] "Description"="Avira mini-filter driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avipbb] "Description"="Avira Security Enhancement Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avipbb] "Group"="Avira" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost] "ImagePath"=""C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost] "DisplayName"="Avira Service Host" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost] "Description"="Service Host for Avira" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avkmgr] "Description"="Avira Manager Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avkmgr] "Group"="Avira" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Antivirus] "CategoryMessageFile"="C:\Program Files 
(x86)\Avira\AntiVir Desktop\avevtrc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Antivirus] "EventMessageFile"="C:\Program Files (x86)\Avira\AntiVir Desktop\avevtrc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Service Host] [HKEY_USERS\.DEFAULT\Software\Avira] [HKEY_USERS\.DEFAULT\Software\Avira\My Avira] [HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Avira] [HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de] [HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de] [HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de] [HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de] [HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de] [HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de] [HKEY_USERS\S-1-5-18\Software\Avira] [HKEY_USERS\S-1-5-18\Software\Avira\My Avira] -= EOF =- |
11.12.2014, 20:40 | #22 |
/// the machine /// TB-Ausbilder | Copy the text in the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for the file type, please select "All files") Code:
Windows Registry Editor Version 5.00

; Per-user Avira settings and ZoneMap entries of the logged-on user
[-HKEY_CURRENT_USER\Software\Avira]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]

; COM class, Control Panel entry and Windows Installer registration
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9480d4af-12b9-4e56-8034-4031ef6ab39d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{D2763B4E-5BF4-468B-BB00-9B3B121E0FB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E4B3672D4FB5B864BB00B9B321E1F02B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{305CA226-D286-468e-B848-2B2E8E697B74}]

; Value names are quoted strings, so each backslash in a path is written as \\
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\Avira\\My Avira\\Logfiles\\"=-
"C:\\ProgramData\\Avira\\My Avira\\apps\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\notification\\images\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\notification\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\images\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\de-DE\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\en-US\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\es-ES\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\fr-FR\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\it-IT\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\pt-BR\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\ru-RU\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pages\\fonts\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\de-DE\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\en-US\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\es-ES\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\fr-FR\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\it-IT\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\pt-BR\\"=-
"C:\\Program Files (x86)\\Avira\\My Avira\\ru-RU\\"=-

; Windows Installer component and product records of the Avira package
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\011EC954228276045A9546819D4473FB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01B110FBC19A58C4FACD93DE359E98D2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0232D8E4C3A0D334B92F0A77742A1A45]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0560DC5E155720C419BC767341F47AED]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D1C741B9EE0C8A4BAC9807C0BB72730]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D8C1C3427A5FE94198A1F6D723C623E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15BCF7AF67472E549B23AF3DF65AEF70]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2456FC8F3B118A5469C11AD5D31DC247]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C8E55062A1775D43A67E0DB3A5DDEFB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\315921E805EFECE40818E7034835AC90]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DFB070D6459B8848A2142C85D9EAD3C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F09910679ECC644D8BCACDD7F2252C0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\418C008C3A6A7FE40B38C7AD30B1584B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\439D9C87C8ACC424E8AEC83BD997786B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F716209FAC2E954193F6266F170B78E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\595972CE95BF16642A61304D7E1570A3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B93CDDB76EAA33428E365F2CD83D16C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61753FA321196964394EF63F5A188153]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63FFCFE5B9383FD498240851329D9573]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B600934862FADA4A912D4A179A975A0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E24970DF22BA8E4183E468437AF2D37]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\722DCFD1CF48E1642B26935EC6CB4201]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C5BD5DAD6127D4429BA051FC3839CB5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D6159F56B8573542B7AA47494078485]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90B7601D50842AA46B9D88E56F4E6A03]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9365A38A25E332F419F0479129E28446]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9557CE0D88EFBED4CBAF01D036564665]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A686A1C3EC42D1348A5B5196A7B74A70]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B150D5DD8676CBF4FB7C1EDBAEEA64D6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5E31DA6394912F41A371DC8F2E7D4AB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE90F3D5EDA2E5941A4B8C569796097A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFF1468F92485634D87375D193016A9D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1CD712C81B9C11438CC285C19F7C089]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB12E13E8450DCD40B23A06E51A0DCF0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D86AAD2EBA58D7D468D29A4BE1E5F37D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E67413ED403B25E47ADF77425753CD31]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED7CDE9383A72C343BFFBE919E14BCB3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE325BD27C254D946B58464B869AF9A8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFAC57F71E3666A479DC9107E07EC742]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F46757B40A0063A46A90A3A88CC95568]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1EBF61D3B8A7E4E87CFFA688F2CE7E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FBA05DD96094B31498377601A5184B4A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FBA29ED12A57D1141860D5506C3766B4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4B3672D4FB5B864BB00B9B321E1F02B]

; Compatibility flag for the Avira setup program
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\setup.exe"=-

; 32-bit software keys, autostart values and uninstall entry
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Avira_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Avira_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=-
"Avira Systray"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira AntiVir Desktop]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]

; Services, drivers and event log sources in every control set
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirSchedulerService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AntiVirWebService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgntflt]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avipbb]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avira.OE.ServiceHost]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avkmgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Antivirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Avira Service Host]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgntflt]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avipbb]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avira.OE.ServiceHost]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avkmgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Antivirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Avira Service Host]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgntflt]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avipbb]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avira.OE.ServiceHost]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avkmgr]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Antivirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Avira Service Host]

; Other loaded user hives
[-HKEY_USERS\.DEFAULT\Software\Avira]
[-HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Avira]
[-HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]
[-HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]
[-HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]
[-HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]
[-HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]
[-HKEY_USERS\S-1-5-21-887015318-538487465-2359642672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]
[-HKEY_USERS\S-1-5-18\Software\Avira]

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Dokumente und Einstellungen\All Users\Avira
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0345f91d
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03c61b4d
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03fcae67
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dd254d3
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dffbeeb
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0e399d67
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0fa27d88
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_1072ff64
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_10b2c1c8
C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Avira
C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com
C:\Program Files (x86)\Avira
C:\ProgramData\Avira
C:\Users\Basti\AppData\Roaming\Avira
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com
C:\Dokumente und Einstellungen\All Users\Package Cache\010FB1665D87DC9B3C320B700E39119F5B9FCC9F\Avira.OE.Setup.Prerequisites.exe
C:\Dokumente und Einstellungen\All Users\Package Cache\{D2763B4E-5BF4-468B-BB00-9B3B121E0FB2}v1.1.25.25607\Avira.OE.Setup.Msi.msi
C:\Dokumente und Einstellungen\Public\Desktop\Avira Control Center.lnk
C:\Users\Public\Desktop\Avira Control Center.lnk

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber |
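A fix file like the regfix.reg in post #22 can be reviewed before it is merged by listing every delete directive and comparing it with the registry scan it was built from. The Python below is an added example, not part of the thread or of any tool named in it; the sample log and fix are constructed, `ExampleOtherService` is a made-up key, the verdict names are this example's own, and HKEY_CURRENT_USER is not mapped to its HKEY_USERS SID.

```python
import re

# Constructed excerpt in the style of SystemLook registry output.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4B3672D4FB5B864BB00B9B321E1F02B\InstallProperties]
"DisplayName"="Avira"
'''

# Constructed fix file; the last two directives are deliberately questionable.
SAMPLE_FIX = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4B3672D4FB5B864BB00B9B321E1F02B]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ExampleOtherService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Avira\My Avira\"=-
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
# Value line: @ (default value) or a quoted name in which \\ and \" are escapes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_deletions(text):
    """Return every delete directive, and every unparseable line, of a .reg file."""
    ops, key, cont = [], None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        skip = cont or not line or line[0] == ';' or line.startswith('Windows Registry Editor')
        cont = line.endswith('\\') and not line.endswith('\\"')  # hex data continues
        if skip:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):  # [-KEY] removes the key and everything below it
                ops.append({'line': no, 'kind': 'key', 'key': key, 'name': None})
            continue
        m = VALUE_RE.match(line)
        inner = m.group(1)[1:-1] if m else ''
        # A lone backslash in the name means the path was pasted unescaped.
        if m and all(c in '\\"' for c in re.findall(r'\\(.)', inner)):
            if m.group(2) == '-':  # "name"=- removes a single value
                name = '@' if m.group(1) == '@' else re.sub(r'\\(.)', r'\1', inner)
                ops.append({'line': no, 'kind': 'value', 'key': key, 'name': name})
            continue  # values that are set, not deleted, are out of scope here
        ops.append({'line': no, 'kind': 'malformed', 'key': key, 'name': line})
    return ops


def parse_log(text):
    """Collect the keys and (key, value name) pairs a scan log reported."""
    keys, values, key = set(), set(), None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()
            keys.add(key)
            continue
        m = re.match(r'^"([^"]*)"=', line)
        if m and key:
            values.add((key, m.group(1).lower()))
    return keys, values


def review(fix_text, log_text):
    """Label each directive: listed, broader (parent of a logged key), unlisted, malformed."""
    keys, values = parse_log(log_text)
    report = []
    for op in parse_deletions(fix_text):
        k = (op['key'] or '').lower()
        if op['kind'] == 'malformed':
            verdict = 'malformed'
        elif op['kind'] == 'value':
            verdict = 'listed' if (k, op['name'].lower()) in values else 'unlisted'
        elif k in keys:
            verdict = 'listed'
        elif any(x.startswith(k + '\\') for x in keys):
            verdict = 'broader'
        else:
            verdict = 'unlisted'
        target = op['key'] if op['kind'] == 'key' else f"{op['key']} -> {op['name']}"
        report.append((op['line'], verdict, target))
    return report


if __name__ == '__main__':
    for line_no, verdict, target in review(SAMPLE_FIX, SAMPLE_LOG):
        print(f'{line_no:>3}  {verdict:<9}  {target}')
```

Anything reported as `broader`, `unlisted` or `malformed` is a line to read by hand before the file is merged.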
12.12.2014, 03:18 | #23 |
| Code:
C:\Dokumente und Einstellungen\All Users\Avira
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0345f91d
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03c61b4d
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_03fcae67
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dd254d3
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0dffbeeb
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0e399d67
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_0fa27d88
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_1072ff64
C:\Dokumente und Einstellungen\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_avira.oe.service_eab555b394331bed31d9c69ebd523a3f3ef33_10b2c1c8
C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Avira
C:\Dokumente und Einstellungen\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com
C:\Program Files (x86)\Avira
C:\ProgramData\Avira
C:\Users\Basti\AppData\Roaming\Avira
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\jABwqBL7.default\extensions\abs@avira.com
C:\Dokumente und Einstellungen\All Users\Package Cache\010FB1665D87DC9B3C320B700E39119F5B9FCC9F\Avira.OE.Setup.Prerequisites.exe
C:\Dokumente und Einstellungen\All Users\Package Cache\{D2763B4E-5BF4-468B-BB00-9B3B121E0FB2}v1.1.25.25607\Avira.OE.Setup.Msi.msi
C:\Dokumente und Einstellungen\Public\Desktop\Avira Control Center.lnk
C:\Users\Public\Desktop\Avira Control Center.lnk |
12.12.2014, 23:10 | #24 |
/// the machine /// TB instructor | Did you run the fix? |
12.12.2014, 23:57 | #25 |
| Great, now it's gone. So was that malware? I have the same problem on my laptop. Could you help me there as well? I'm very grateful to you for that. Thanks, greetings |
13.12.2014, 20:11 | #26 |
/// the machine /// TB instructor | What problem? That Avira won't go away? |
14.12.2014, 16:58 | #27 |
| Yes, I have exactly the same problem with Avira on the laptop. A friend was using it, and since then I've had it on there. The real Avira then keeps reporting something about autorun being blocked, and the Avira fake is given as the source file. I'd like to get it off my laptop. Will you help me with that? Thanks |
14.12.2014, 23:39 | #28 |
/// the machine /// TB instructor | Yep, FRST logs from that machine, please. |
15.12.2014, 07:30 | #29 |
| FRST Logfile: Code:
01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-12-10 07:47 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-12-10 07:47 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-12-10 07:47 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-12-10 07:47 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-12-10 07:47 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-12-10 07:47 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-12-10 07:47 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-12-10 07:47 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-12-10 07:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys 2014-12-10 07:46 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-12-10 07:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-12-10 07:46 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe 2014-12-10 07:46 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe 2014-12-10 07:46 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll 2014-12-10 07:46 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll 2014-12-10 07:46 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll 2014-12-10 07:46 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll 2014-12-10 07:46 - 2014-10-03 03:11 - 00266240 
_____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe 2014-12-10 07:46 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll 2014-12-10 07:46 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 07:46 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll 2014-12-10 07:46 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll 2014-12-10 07:46 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe 2014-12-02 13:04 - 2014-12-12 19:43 - 00000896 _____ () C:\windows\setupact.log 2014-12-02 13:04 - 2014-12-02 13:04 - 00000000 _____ () C:\windows\setuperr.log 2014-11-30 00:44 - 2014-11-30 00:44 - 00000000 __SHD () C:\Users\basti\AppData\Local\EmieBrowserModeList 2014-11-29 09:30 - 2014-11-29 09:30 - 00000000 ____D () C:\Users\basti\AppData\Local\{B9323654-826A-4D36-AD33-B6E531320ABB} 2014-11-28 13:54 - 2014-11-28 13:54 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\basti\Downloads\revosetup95.exe 2014-11-28 13:54 - 2014-11-28 13:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-27 00:31 - 2014-12-14 21:58 - 00000000 ____D () C:\Users\basti\AppData\Roaming\FileAdvisor 2014-11-26 21:58 - 2014-12-15 01:40 - 00000000 ____D () C:\Program Files (x86)\Search Extensions 2014-11-26 21:57 - 2014-12-02 08:29 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Free YouTube to MP3 Converter Studio 2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio 2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\Program Files (x86)\Free YouTube to MP3 Converter Studio 2014-11-26 21:55 - 2014-11-26 21:55 - 11872560 _____ (mediaprolab.com ) C:\Users\basti\Downloads\youtube-to-mp3-converter(1).exe 2014-11-26 21:55 - 2014-11-26 21:55 - 00234912 _____ (Download.com) C:\Users\basti\Downloads\youtube-to-mp3-converter.exe 2014-11-26 21:07 - 2014-12-14 08:38 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck 2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor 2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2014-11-26 21:07 - 2014-11-26 21:58 - 00003594 _____ () C:\windows\System32\Tasks\FileAdvisorUpdate 2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter 2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter 2014-11-26 21:05 - 2014-11-26 21:05 - 01169232 _____ () C:\Users\basti\Downloads\Free M4a to MP3 Converter - CHIP-Installer.exe 2014-11-25 12:58 - 2014-11-26 21:04 - 00000000 ____D () C:\Output 2014-11-25 12:57 - 2014-11-25 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2014-11-25 12:57 - 2014-11-25 12:57 - 
00000000 ____D () C:\MP4ToMP3Converter 2014-11-25 12:55 - 2014-11-25 12:55 - 01169232 _____ () C:\Users\basti\Downloads\MP4 to MP3 Converter - CHIP-Installer.exe 2014-11-18 21:27 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-11-18 21:27 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll 2014-11-18 21:27 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-11-18 21:27 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-15 07:23 - 2012-07-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-15 07:03 - 2014-06-14 21:58 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-15 06:29 - 2012-08-05 18:17 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-12-15 05:12 - 2012-03-08 23:10 - 01391723 _____ () C:\windows\WindowsUpdate.log 2014-12-15 02:05 - 2012-03-08 22:19 - 00000000 ____D () C:\windows\ShellNew 2014-12-15 01:43 - 2014-06-28 19:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-15 01:42 - 2014-06-28 19:33 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-15 01:41 - 2012-06-28 16:17 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Skype 2014-12-14 16:08 - 2014-06-14 21:58 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () 
C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-12 19:44 - 2009-07-14 03:34 - 00000418 _____ () C:\windows\win.ini 2014-12-12 19:43 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-12-12 14:59 - 2014-10-31 14:03 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-12 14:59 - 2014-10-31 13:55 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-11 03:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache 2014-12-11 03:08 - 2014-05-10 18:20 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat 2014-12-11 03:06 - 2013-08-27 16:11 - 00000000 ____D () C:\windows\system32\MRT 2014-12-11 03:03 - 2012-08-07 13:16 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-12-10 08:29 - 2012-08-05 18:17 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 08:29 - 2012-08-05 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 08:29 - 2012-08-05 18:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 07:35 - 2014-06-14 21:59 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-02 13:16 - 2012-06-25 09:43 - 00000000 ____D () C:\Program Files (x86)\phase5 2014-12-01 20:43 - 2014-02-28 20:40 - 00000000 ____D () C:\Users\basti\AppData\Local\Windows Live 2014-12-01 10:43 - 2012-06-02 11:04 - 00000132 _____ () 
C:\Users\basti\AppData\Roaming\Adobe PNG Format CS5 Prefs 2014-11-29 09:55 - 2014-06-17 23:34 - 00000000 ____D () C:\Users\basti\Documents\Youcam 2014-11-26 21:20 - 2014-11-06 21:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-11-21 06:14 - 2014-06-28 19:33 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-06-28 19:33 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-06-28 19:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-11-18 22:28 - 2012-06-01 14:08 - 00000000 ____D () C:\Users\basti\AppData\Local\VirtualStore 2014-11-18 21:31 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG 2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-11-15 14:58 - 2014-06-14 21:58 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 14:58 - 2014-06-14 21:58 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\basti\AppData\Local\Temp\avgnt.exe C:\Users\basti\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\basti\AppData\Local\Temp\System.Data.SQLitefeb652fb-2f33-43df-9a1b-b3dfa7142c88.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 13:47

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by basti (administrator) on BASTI-PC on 15-12-2014 07:27:01
Running from C:\Users\basti\Downloads
Loaded Profiles: UpdatusUser & basti & (Available profiles: UpdatusUser & basti)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\System32\WTMKM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Windows\System32\atwtusb.exe () C:\Windows\System32\atwtusb.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (MAGIX AG) C:\Program Files (x86)\MAGIX\Music_Maker_MX\MusicMaker.exe (MAGIX AG) C:\Program Files (x86)\MAGIX\Music_Maker_MX\Online\MagixOfa.exe (MAGIX®) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated) HKLM\...\Run: [MacrokeyManager] => C:\windows\system32\WTMKM.exe [12482048 2012-03-07] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions" HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1656143743-13120863-1912775482-1000\...\MountPoints2: {ae2690bd-68e5-11e1-9b16-806e6f6e6963} - E:\SETUP.EXE HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae2690bd-68e5-11e1-9b16-806e6f6e6963} - E:\SETUP.EXE HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.) 
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {18b4a11c-68ce-11e4-a530-e8039aabf19f} - F:\EasySuite.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {1bc512c3-6432-11e4-a10e-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {4713a888-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {4713a8a4-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {8fd23007-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {8fd23055-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\MountPoints2: {c6868b6f-ba5c-11e2-862f-e8039aabf19f} - F:\pushinst.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.) 
HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {18b4a11c-68ce-11e4-a530-e8039aabf19f} - F:\EasySuite.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bc512c3-6432-11e4-a10e-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4713a888-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4713a8a4-69c2-11e4-855b-e8039aabf19f} - F:\AutoRun.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8fd23007-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8fd23055-f429-11e3-82b0-e8039aabf19f} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c6868b6f-ba5c-11e2-862f-e8039aabf19f} - F:\pushinst.exe AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security 
Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) BootExecute: autocheck autochk * sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1656143743-13120863-1912775482-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com SearchScopes: HKLM-x32 -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> {897486ED-9287-4939-B19A-4A0A0B9C2EFF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=31AFF370-5EA2-4949-8311-EE662C9F6D7C&apn_sauid=1CFF06F3-42B2-4022-8E49-7A6BC9C27968 SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {897486ED-9287-4939-B19A-4A0A0B9C2EFF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=31AFF370-5EA2-4949-8311-EE662C9F6D7C&apn_sauid=1CFF06F3-42B2-4022-8E49-7A6BC9C27968 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{D1E9C4FE-3969-4380-A416-2B8F2EBE2E99}: [NameServer] 10.74.210.210 10.74.210.211 FireFox: ======== FF ProfilePath: 
C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default FF SearchEngineOrder.1: Ask.com FF SearchEngineOrder.3: Bing FF Homepage: about:home FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\Extensions\abs@avira.com [2014-11-25]
FF Extension: Download videos and MP3s from YouTube - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-12-10]
FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-11]
FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\basti\AppData\Roaming\Mozilla\Firefox\Profiles\s5rfsy7n.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-1656143743-13120863-1912775482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HomePage: Default -> hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR Profile: C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]
CHR Extension: (Google Drive) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
CHR Extension: (YouTube) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Google-Suche) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Avira Browserschutz) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-08]
CHR Extension: (Skype Click to Call) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14]
CHR Extension: (Google Mail) - C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
R3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 WTService; C:\windows\system32\atwtusb.exe [584192 2012-02-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
U0 hobgmy; C:\Windows\System32\drivers\isrq.sys [79064 2014-12-15] (Malwarebytes Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2014-11-11] (Huawei Technologies Co., Ltd.)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-05] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 07:27 - 2014-12-15 07:27 - 00025659 _____ () C:\Users\basti\Downloads\FRST.txt 2014-12-15 07:26 - 2014-12-15 07:27 - 00000000 ____D () C:\FRST 2014-12-15 07:25 - 2014-12-15 07:25 - 02119168 _____ (Farbar) C:\Users\basti\Downloads\FRST64.exe 2014-12-15 02:05 - 2014-12-15 02:05 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\isrq.sys 2014-12-11 03:08 - 2014-12-11 03:08 - 00000000 ____D () C:\windows\system32\appraiser 2014-12-11 03:02 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll 2014-12-11 03:02 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll 2014-12-11 03:02 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2014-12-11 03:02 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2014-12-11 03:02 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2014-12-11 03:02 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2014-12-11 03:02 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2014-12-11 03:02 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe 2014-12-11 03:02 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe 2014-12-11 03:02 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll 2014-12-10 09:33 - 2014-12-10 09:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 07:47 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2014-12-10 07:47 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2014-12-10 07:47 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-12-10 07:47 - 2014-12-04 03:50 - 
00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2014-12-10 07:47 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-12-10 07:47 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2014-12-10 07:47 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-12-10 07:47 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2014-12-10 07:47 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-12-10 07:47 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-12-10 07:47 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-12-10 07:47 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-12-10 07:47 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-12-10 07:47 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-12-10 07:47 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-12-10 07:47 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-12-10 07:47 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-12-10 07:47 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-12-10 07:47 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-12-10 07:47 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-12-10 07:47 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-12-10 07:47 - 2014-11-22 03:35 - 00144384 _____ 
(Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-12-10 07:47 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-12-10 07:47 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-12-10 07:47 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-12-10 07:47 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-12-10 07:47 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-12-10 07:47 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-12-10 07:47 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-12-10 07:47 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 07:47 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-12-10 07:47 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-12-10 07:47 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-12-10 07:47 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-12-10 07:47 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-12-10 07:47 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-12-10 07:47 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-12-10 07:47 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-12-10 07:47 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-12-10 07:47 - 2014-11-22 
02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-12-10 07:47 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-12-10 07:47 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-12-10 07:47 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-12-10 07:47 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-12-10 07:47 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-12-10 07:47 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-12-10 07:47 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-12-10 07:47 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-12-10 07:47 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-12-10 07:47 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 07:47 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-12-10 07:47 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-12-10 07:47 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-12-10 07:47 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-12-10 07:47 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-12-10 07:47 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-12-10 07:47 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-12-10 07:47 - 2014-11-22 02:21 - 
01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-12-10 07:47 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-12-10 07:47 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-12-10 07:47 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-12-10 07:47 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-12-10 07:47 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-12-10 07:47 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-12-10 07:47 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-12-10 07:47 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-12-10 07:47 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys 2014-12-10 07:46 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-12-10 07:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-12-10 07:46 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe 2014-12-10 07:46 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe 2014-12-10 07:46 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll 2014-12-10 07:46 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll 2014-12-10 07:46 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll 2014-12-10 07:46 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll 2014-12-10 07:46 - 2014-10-03 03:11 - 00266240 
_____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe 2014-12-10 07:46 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll 2014-12-10 07:46 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 07:46 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll 2014-12-10 07:46 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll 2014-12-10 07:46 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe 2014-12-02 13:04 - 2014-12-12 19:43 - 00000896 _____ () C:\windows\setupact.log 2014-12-02 13:04 - 2014-12-02 13:04 - 00000000 _____ () C:\windows\setuperr.log 2014-11-30 00:44 - 2014-11-30 00:44 - 00000000 __SHD () C:\Users\basti\AppData\Local\EmieBrowserModeList 2014-11-29 09:30 - 2014-11-29 09:30 - 00000000 ____D () C:\Users\basti\AppData\Local\{B9323654-826A-4D36-AD33-B6E531320ABB} 2014-11-28 13:54 - 2014-11-28 13:54 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\basti\Downloads\revosetup95.exe 2014-11-28 13:54 - 2014-11-28 13:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-27 00:31 - 2014-12-14 21:58 - 00000000 ____D () C:\Users\basti\AppData\Roaming\FileAdvisor 2014-11-26 21:58 - 2014-12-15 01:40 - 00000000 ____D () C:\Program Files (x86)\Search Extensions 2014-11-26 21:57 - 2014-12-02 08:29 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Free YouTube to MP3 Converter Studio 2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio 2014-11-26 21:57 - 2014-11-26 21:57 - 00000000 ____D () C:\Program Files (x86)\Free YouTube to MP3 Converter Studio 2014-11-26 21:55 - 2014-11-26 21:55 - 11872560 _____ (mediaprolab.com ) C:\Users\basti\Downloads\youtube-to-mp3-converter(1).exe 2014-11-26 21:55 - 2014-11-26 21:55 - 00234912 _____ (Download.com) C:\Users\basti\Downloads\youtube-to-mp3-converter.exe 2014-11-26 21:07 - 2014-12-14 08:38 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck 2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor 2014-11-26 21:07 - 2014-12-14 08:37 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2014-11-26 21:07 - 2014-11-26 21:58 - 00003594 _____ () C:\windows\System32\Tasks\FileAdvisorUpdate 2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter 2014-11-26 21:07 - 2014-11-26 21:07 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter 2014-11-26 21:05 - 2014-11-26 21:05 - 01169232 _____ () C:\Users\basti\Downloads\Free M4a to MP3 Converter - CHIP-Installer.exe 2014-11-25 12:58 - 2014-11-26 21:04 - 00000000 ____D () C:\Output 2014-11-25 12:57 - 2014-11-25 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter 2014-11-25 12:57 - 2014-11-25 12:57 - 
00000000 ____D () C:\MP4ToMP3Converter 2014-11-25 12:55 - 2014-11-25 12:55 - 01169232 _____ () C:\Users\basti\Downloads\MP4 to MP3 Converter - CHIP-Installer.exe 2014-11-18 21:27 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-11-18 21:27 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll 2014-11-18 21:27 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-11-18 21:27 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-15 07:23 - 2012-07-22 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-15 07:03 - 2014-06-14 21:58 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-15 06:29 - 2012-08-05 18:17 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-12-15 05:12 - 2012-03-08 23:10 - 01391723 _____ () C:\windows\WindowsUpdate.log 2014-12-15 02:05 - 2012-03-08 22:19 - 00000000 ____D () C:\windows\ShellNew 2014-12-15 01:43 - 2014-06-28 19:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-15 01:42 - 2014-06-28 19:33 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-15 01:42 - 2014-06-28 19:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-15 01:41 - 2012-06-28 16:17 - 00000000 ____D () C:\Users\basti\AppData\Roaming\Skype 2014-12-14 16:08 - 2014-06-14 21:58 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () 
C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-12 19:52 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-12 19:44 - 2009-07-14 03:34 - 00000418 _____ () C:\windows\win.ini 2014-12-12 19:43 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-12-12 14:59 - 2014-10-31 14:03 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-12 14:59 - 2014-10-31 13:55 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-12 14:59 - 2013-05-30 18:34 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-11 03:43 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache 2014-12-11 03:08 - 2014-05-10 18:20 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-12-11 03:08 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat 2014-12-11 03:06 - 2013-08-27 16:11 - 00000000 ____D () C:\windows\system32\MRT 2014-12-11 03:03 - 2012-08-07 13:16 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-12-10 08:29 - 2012-08-05 18:17 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 08:29 - 2012-08-05 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 08:29 - 2012-08-05 18:17 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 07:35 - 2014-06-14 21:59 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-02 13:16 - 2012-06-25 09:43 - 00000000 ____D () C:\Program Files (x86)\phase5 2014-12-01 20:43 - 2014-02-28 20:40 - 00000000 ____D () C:\Users\basti\AppData\Local\Windows Live 2014-12-01 10:43 - 2012-06-02 11:04 - 00000132 _____ () 
C:\Users\basti\AppData\Roaming\Adobe PNG Format CS5 Prefs 2014-11-29 09:55 - 2014-06-17 23:34 - 00000000 ____D () C:\Users\basti\Documents\Youcam 2014-11-26 21:20 - 2014-11-06 21:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-11-21 06:14 - 2014-06-28 19:33 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-06-28 19:33 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-06-28 19:33 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-11-18 22:28 - 2012-06-01 14:08 - 00000000 ____D () C:\Users\basti\AppData\Local\VirtualStore 2014-11-18 21:31 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG 2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-11-18 21:31 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-11-15 14:58 - 2014-06-14 21:58 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 14:58 - 2014-06-14 21:58 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\basti\AppData\Local\Temp\avgnt.exe C:\Users\basti\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\basti\AppData\Local\Temp\System.Data.SQLitefeb652fb-2f33-43df-9a1b-b3dfa7142c88.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 13:47

==================== End Of Log ============================ |
15.12.2014, 20:05 | #30 |
/// the machine /// TB-Ausbilder | Avira and AntiMalware had detections again
Addition.txt is still missing.
__________________ Regards, schrauber |